CVE-2026-33093
Unauthenticated Remote Camera Capture in Anviz CX7 Firmware
Publication date: 2026-04-17
Last updated on: 2026-05-04
Assigner: ICS-CERT
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| anviz | cx7_firmware | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The Anviz CX7 Firmware has a vulnerability that allows an unauthenticated attacker to send a POST request to the device, which triggers the front-facing camera to capture a photo. This means that someone without any credentials or permissions can remotely take pictures using the device's camera.
This exposure of visual information can reveal details about the environment where the device is deployed.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing unauthorized individuals to capture images of your physical environment without your knowledge or consent.
Such unauthorized access to visual information can lead to privacy breaches and potentially expose sensitive or confidential information about the deployment location.