CVE-2026-40461

EUVD-2026-23498
Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug 
settings (e.g., enabling SSH), allowing unauthorized state changes that 
can facilitate later compromise.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 10%
Affected Products (NVD)
VendorProductVersion
anvizcx7_firmware
-
anvizcx2_lite_firmware
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json
https://www.anviz.com/contact-us.html
https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03