HIGH🇬🇧 English

CVE-2026-40461

CVSS 7.5v3.1pub. 2026-04-17upd. 2026-05-04

Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug settings (e.g., enabling SSH), allowing unauthorized state changes that can facilitate later compromise.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
  • Anviz Cx2 Lite

    HW
    Anviz
    wszystkie wersje
  • Anviz Cx2 Lite Firmware

    OS
    Anviz
    wszystkie wersje
  • Anviz Cx7

    HW
    Anviz
    wszystkie wersje
  • Anviz Cx7 Firmware

    OS
    Anviz
    wszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2026-35546CRITICAL9.8PL ✓ten sam produkt

Nieautoryzowane przesyłanie firmware w urządzeniach Anviz CX2 Lite i CX7

CVE-2026-32324HIGH7.7ten sam produkt

Anviz CX7 Firmware is  vulnerable because the application embeds reusable certificate/key material, enabling ...

CVE-2026-35682HIGH8.8ten sam produkt

Anviz CX2 Lite is vulnerable to an authenticated command injection via a filename parameter that enables arbi...

CVE-2026-40066HIGH8.8ten sam produkt

Anviz CX2 Lite and CX7 are vulnerable to unverified update packages that can be uploaded. The device unpacks ...

CVE-2026-35061MEDIUM5.3ten sam produkt

Anviz CX7 Firmware is vulnerable to the most recently captured test photo that can be retrieved without authe...