top of page
perceptive_background_267k.jpg

Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug
settings (e.g., enabling SSH), allowing unauthorized state changes tha…

Published:

16 april 2026 om 22:00:00

Alert date:

17 april 2026 om 21:03:48

Source:

nvd.nist.gov

Click to open the original link from this advisory

Mobile & IoT, Critical Infrastructure, Identity & Access

Anviz CX2 Lite and CX7 devices are vulnerable to unauthenticated POST requests that can modify debug settings, including enabling SSH access. This vulnerability allows unauthorized attackers to change system states without authentication, creating a pathway for further compromise. The vulnerability affects access control systems and could lead to complete device takeover. The ability to enable SSH through unauthenticated requests represents a critical security flaw in these access control devices.

Technical details

Mitigation steps:

Affected products:

Anviz CX2 Lite
Anviz CX7

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-40461
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json
https://www.anviz.com/contact-us.html
https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page