CVE-2026-31927
MediumCVSS 4.9Exploitation Probability (EPSS)
Low risk28th percentile - higher than 28% of all known CVEs
Summary
A vulnerability in Anviz CX7 firmware allows an authenticated attacker to upload a CSV file with path traversal, overwriting arbitrary files such as /etc/shadow. Combined with debug-setting changes, this can lead to unauthorized SSH access.
Risk Assessment
The risk involves potential full device compromise by an authenticated attacker, enabling further network attacks and unauthorized system access.
Recommendation
Immediately update the Anviz CX7 firmware to the latest version and restrict administrative panel access to trusted IP addresses only.
Original NVD description (English source)
Anviz CX7 Firmware is vulnerable to an authenticated CSV upload which allows path traversal to overwrite arbitrary files (e.g., /etc/shadow), enabling unauthorized SSH access when combined with debug‑setting changes.

