top of page
perceptive_background_267k.jpg

Anviz CX2 Lite and CX7 are vulnerable to unauthenticated firmware uploads. This causes crafted
archives to be accepted, enabling attackers to plant and execute…

Published:

16 April 2026 at 22:00:00

Alert date:

17 April 2026 at 21:03:48

Source:

nvd.nist.gov

Click to open the original link from this advisory

Mobile & IoT, Critical Infrastructure

Anviz CX2 Lite and CX7 devices are vulnerable to unauthenticated firmware uploads that allow attackers to upload crafted archives. This vulnerability enables attackers to plant and execute malicious code on the affected devices. Successful exploitation can lead to complete system compromise and the ability to obtain a reverse shell. The vulnerability affects access control devices commonly used in enterprise environments. No authentication is required to exploit this vulnerability, making it particularly dangerous.

Technical details

Mitigation steps:

Affected products:

Anviz CX2 Lite
Anviz CX7

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-35546
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json
https://www.anviz.com/contact-us.html
https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page