CVE-2026-40066

· NIST NVD ↗

Anviz CX2 Lite and CX7 are vulnerable to unverified update packages that can be uploaded. The device unpacks and executes a script resulting in unauthenticated remote code execution.

HIGH
CVSS severity
8.8
CVSS base score
2026-04-17
Published

CWE codes

CWE-494

Affected products

anviz:cx7_firmwareanviz:cx7anviz:cx2_lite_firmwareanviz:cx2_lite

Sources