CVE-2026-33569
Cleartext Transmission in Anviz CX2 Lite/CX7 Enables Credential Theft
Publication date: 2026-04-17
Last updated on: 2026-05-04
Assigner: ICS-CERT
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| anviz | cx7_firmware | * |
| anviz | cx2_lite_firmware | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-319 | The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects Anviz CX2 Lite and CX7 devices where administrative sessions occur over HTTP instead of a secure protocol.
Because the sessions are transmitted in clear text, attackers positioned on the network path can intercept (sniff) credentials and session data.
With this intercepted information, attackers can compromise the device by gaining unauthorized access.
How can this vulnerability impact me? :
The vulnerability allows attackers to capture administrative credentials and session data, which can lead to unauthorized access to the affected devices.
This unauthorized access can compromise the security and integrity of the device, potentially allowing attackers to manipulate device functions or access sensitive information.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves administrative sessions occurring over HTTP, which allows on-path attackers to sniff credentials and session data.
To detect this vulnerability on your network or system, you can monitor network traffic for unencrypted HTTP sessions to the Anviz CX2 Lite and CX7 devices.
- Use network packet capture tools like Wireshark or tcpdump to filter HTTP traffic to the device IP addresses.
- Example tcpdump command to capture HTTP traffic: tcpdump -i <interface> tcp port 80 and host <device_ip>
- Look for HTTP requests containing authentication credentials or session tokens in cleartext.
What immediate steps should I take to mitigate this vulnerability?
Since the vulnerability arises from administrative sessions occurring over unencrypted HTTP, the immediate mitigation step is to avoid using HTTP for administrative access.
- Configure the device to use HTTPS or another secure protocol for administrative sessions if supported.
- If HTTPS is not supported, restrict administrative access to trusted networks only.
- Monitor network traffic for unauthorized access attempts.
- Consider placing the device behind a VPN or secure gateway to protect administrative sessions.