CVE 8.8 HIGH

Anviz CX2 Lite Command Injection_CVE-2026-35682

April 17, 2026 invoker category_cve

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

Anviz CX2 Lite is vulnerable to an authenticated command injection via a
filename parameter that enables arbitrary command execution (e.g.,
starting telnetd), resulting in root‑level access.

AI Analysis

Authenticated command injection vulnerability in Anviz CX2 Lite Firmware, allowing arbitrary command execution with root-level access.

Basic Information

ID CVE-2026-35682

Source icscert

Published Apr 17, 2026 at 19:46

Modified Apr 17, 2026 at 20:30

Affected Product

Vendor Anviz

Product Anviz CX2 Lite Firmware

Version All versions

Affected Versions Anviz Anviz CX2 Lite Firmware All versions

CWE Classification

CWE-77

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor Anviz

Product CX2 Lite Firmware

Version All versions

References

{
    "lastseen": "",
    "description": "Anviz\u00a0CX2 Lite is vulnerable to an authenticated command injection via a \nfilename parameter that enables arbitrary command execution (e.g., \nstarting telnetd), resulting in root\u2011level access.",
    "published": "2026-04-17T19:46:26.716Z",
    "modified": "2026-04-17T20:30:18.510Z",
    "type": "cve",
    "title": "Anviz CX2 Lite Command Injection",
    "source": "icscert",
    "references": "https://www.anviz.com/contact-us.html\nhttps://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03\nhttps://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json",
    "id": "CVE-2026-35682",
    "bulletinFamily": "",
    "cwe": [
        "CWE-77"
    ],
    "cvelist": null,
    "sourceData": "Anviz Anviz CX2 Lite Firmware All versions",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Anviz CX2 Lite Firmware",
    "version": "All versions",
    "vendor": "Anviz",
    "ai_description": "Authenticated command injection vulnerability in Anviz CX2 Lite Firmware, allowing arbitrary command execution with root-level access.",
    "ai_severity": "High",
    "ai_vendor": "Anviz",
    "ai_product": "CX2 Lite Firmware",
    "ai_version": "All versions",
    "ai_score": 8.8
}

💭 Join the Security Discussion ❌ Cancel Reply