CVE-2026-40461

HIGH SEVERITY

CVSS Score & Metrics

Base Score

7.5 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N                                    

Vulnerability Description

Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug
settings (e.g., enabling SSH), allowing unauthorized state changes that
can facilitate later compromise.

Vulnerability Details

Published Date

April 17, 2026

Last Modified

April 17, 2026

CWE ID

CWE-306

Source

NVD

Vendor

Anviz

Product

Anviz CX7 Firmware, Anviz CX2 Lite Firmware

External References

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json
https://www.anviz.com/contact-us.html
https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03

CVE-2026-40461

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment