CVE Catalog

CVE-2026-35546

Critical
Published: Translated: NVD NIST

Summary

Anviz CX2 Lite and CX7 are vulnerable to unauthenticated firmware uploads. This allows attackers to upload crafted archives, leading to the execution of code and obtaining a reverse shell.

Risk Assessment

The risk to the organization is that attackers can remotely introduce malicious software, potentially compromising systems and data.

Recommendation

It is recommended to implement strict access controls for firmware updates and to monitor devices for unauthorized activities.

Original NVD description (English source)

Anviz CX2 Lite and CX7 are vulnerable to unauthenticated firmware uploads. This causes crafted archives to be accepted, enabling attackers to plant and execute code and obtain a reverse shell.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS