Every CVE whose affected-product data names Anviz Cx7 Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2026-35546 — CVSS 9.8 (critical): Anviz CX2 Lite and CX7 are vulnerable to unauthenticated firmware uploads. This causes crafted archives to be accepted, enabling attackers…
CVE-2026-40066 — CVSS 8.8 (high): Anviz CX2 Lite and CX7 are vulnerable to unverified update packages that can be uploaded. The device unpacks and executes a script…
CVE-2026-32324 — CVSS 7.7 (high): Anviz CX7 Firmware is vulnerable because the application embeds reusable certificate/key material, enabling decryption of MQTT traffic and…
CVE-2026-40461 — CVSS 7.5 (high): Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug settings (e.g., enabling SSH), allowing…
CVE-2026-33569 — CVSS 6.5 (medium): Anviz CX2 Lite and CX7 administrative sessions occur over HTTP, enabling on‑path attackers to sniff credentials and session data, which…
CVE-2026-35061 — CVSS 5.3 (medium): Anviz CX7 Firmware is vulnerable to the most recently captured test photo that can be retrieved without authentication, revealing sensitive…
CVE-2026-33093 — CVSS 5.3 (medium): Anviz CX7 Firmware is vulnerable to an unauthenticated POST to the device that captures a photo with the front facing camera, exposing…
CVE-2026-32648 — CVSS 5.3 (medium): Anviz CX2 Lite and CX7 are vulnerable to unauthenticated access that discloses debug configuration details (e.g., SSH/RTTY status)…
CVE-2026-31927 — CVSS 4.9 (medium): Anviz CX7 Firmware is vulnerable to an authenticated CSV upload which allows path traversal to overwrite arbitrary files (e.g…