CVE-2026-32648
Unauthenticated Access in Anviz CX2 Lite/CX7 Exposes Debug Info
Publication date: 2026-04-17
Last updated on: 2026-05-04
Assigner: ICS-CERT
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| anviz | cx7_firmware | * |
| anviz | cx2_lite_firmware | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows unauthenticated access to debug configuration details, which could assist attackers in reconnaissance against the device. This exposure of sensitive device configuration information may increase the risk of unauthorized access or data breaches.
Such unauthorized disclosure of device configuration details could potentially impact compliance with standards and regulations like GDPR and HIPAA, which require protection of sensitive information and maintaining device security to prevent unauthorized access.
Can you explain this vulnerability to me?
This vulnerability affects Anviz CX2 Lite and CX7 devices, allowing unauthenticated users to access and disclose debug configuration details such as SSH and RTTY status. This information can help attackers perform reconnaissance on the device.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized disclosure of sensitive debug configuration details, which may assist attackers in gathering information about the device's setup and security posture. This reconnaissance can be used to plan further attacks or exploit other vulnerabilities.