CVE-2026-40461

EPSS 0.29%
Veröffentlicht 17.04.2026 19:36:29
Zuletzt bearbeitet 04.05.2026 14:30:29
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

Anviz Products Missing Authentication for Critical Function

Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug 
settings (e.g., enabling SSH), allowing unauthorized state changes that 
can facilitate later compromise.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

NVD 2 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Anviz ≫ Cx7 Firmware Version-

Anviz ≫ Cx7 Version-

Anviz ≫ Cx2 Lite Firmware Version-

Anviz ≫ Cx2 Lite Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.29%	0.2

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
ics-cert@hq.dhs.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://www.anviz.com/contact-us.html

Product

https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03

US Government Resource

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-40461

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-40461

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-40461

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-40461