CVE-2026-40461

· NIST NVD ↗

Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug settings (e.g., enabling SSH), allowing unauthorized state changes that can facilitate later compromise.

HIGH
CVSS severity
7.5
CVSS base score
2026-04-17
Published

CWE codes

CWE-306

Affected products

anviz:cx7_firmwareanviz:cx7anviz:cx2_lite_firmwareanviz:cx2_lite

Sources