CVE-2026-33569
Received
Received - Intake
Cleartext Transmission in Anviz CX2 Lite/CX7 Enables Credential Theft
Vulnerability report for CVE-2026-33569, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-04-17
Last updated on: 2026-05-04
Assigner: ICS-CERT
Description
Description
Anviz CX2 Lite and CX7 administrative sessions occur over HTTP, enabling
on‑path attackers to sniff credentials and session data, which can be
used to compromise the device.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| anviz | cx7_firmware | * |
| anviz | cx2_lite_firmware | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-319 | The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. |