HIGHCVE-2026-32324Published 2026-04-17Modified 2026-04-17CNA icscert

CVE-2026-32324: Anviz CX7 Firmware Use of Hard-coded Cryptographic Key

Anviz CX7 Firmware is vulnerable because the application embeds reusable certificate/key material, enabling decryption of MQTT traffic and potential interaction with device messaging channels at scale.

CVSS v3.1: 7.7
Severity: HIGH
Fixed in: —
Affected Products: 1

Affected packages

Anviz / Anviz CX7 Firmware
All versions

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

References

anviz.com
cisa.gov
github.com

Metrics