CVE-2026-35546

EPSS 0.59%
Veröffentlicht 17.04.2026 19:39:25
Zuletzt bearbeitet 04.05.2026 14:31:19
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

Anviz Products Missing Authentication for Critical Function

Anviz CX2 Lite and CX7 are vulnerable to unauthenticated firmware uploads. This causes crafted 
archives to be accepted, enabling attackers to plant and execute code 
and obtain a reverse shell.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

NVD 2 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Anviz ≫ Cx7 Firmware Version-

Anviz ≫ Cx7 Version-

Anviz ≫ Cx2 Lite Firmware Version-

Anviz ≫ Cx2 Lite Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.59%	0.434

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
ics-cert@hq.dhs.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://www.anviz.com/contact-us.html

Product

https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03

US Government Resource

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-35546

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-35546

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-35546

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-35546