Anviz Products Missing Authentication for Critical Function_CVE-2026-40461

7.5 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Description

Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug
settings (e.g., enabling SSH), allowing unauthorized state changes that
can facilitate later compromise.

Basic Information

ID CVE-2026-40461

Source icscert

Published Apr 17, 2026 at 19:36

Affected Product

Vendor Anviz

Product Anviz CX7 Firmware

Version All versions

Affected Versions Anviz Anviz CX7 Firmware All versions
Anviz Anviz CX2 Lite Firmware All versions

CWE Classification

CWE-306

References

{
    "lastseen": "",
    "description": "Anviz\u00a0CX2 Lite and CX7\u00a0are vulnerable to unauthenticated POST requests that modify debug \nsettings (e.g., enabling SSH), allowing unauthorized state changes that \ncan facilitate later compromise.",
    "published": "2026-04-17T19:36:29.842Z",
    "modified": "2026-04-17T19:36:29.842Z",
    "type": "cve",
    "title": "Anviz Products Missing Authentication for Critical Function",
    "source": "icscert",
    "references": "https://www.anviz.com/contact-us.html\nhttps://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03\nhttps://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json",
    "id": "CVE-2026-40461",
    "bulletinFamily": "",
    "cwe": [
        "CWE-306"
    ],
    "cvelist": null,
    "sourceData": "Anviz Anviz CX7 Firmware All versions\nAnviz Anviz CX2 Lite Firmware All versions",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Anviz CX7 Firmware",
    "version": "All versions",
    "vendor": "Anviz",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}