HIGHCVE-2026-40461Published 2026-04-17Modified 2026-04-17CNA icscert

CVE-2026-40461: Anviz Products Missing Authentication for Critical Function

Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug settings (e.g., enabling SSH), allowing unauthorized state changes that can facilitate later compromise.

CVSS v3.1: 7.5
Severity: HIGH
Fixed in: —
Affected Products: 2

Affected packages

Anviz / Anviz CX7 Firmware
All versions
Anviz / Anviz CX2 Lite Firmware
All versions

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References

anviz.com
cisa.gov
github.com

Metrics