CVE-2026-35061
Unauthorized Access to Anviz CX7 Firmware Reveals Sensitive Images
Publication date: 2026-04-17
Last updated on: 2026-05-04
Assigner: ICS-CERT
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| anviz | cx7_firmware | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows retrieval of the most recently captured test photo without authentication, exposing sensitive operational imagery.
This exposure of sensitive data could potentially impact compliance with data protection regulations such as GDPR and HIPAA, which require safeguarding of sensitive information against unauthorized access.
However, specific details on how this vulnerability affects compliance with these standards are not provided.
Can you explain this vulnerability to me?
The Anviz CX7 Firmware has a vulnerability where the most recently captured test photo can be accessed without any authentication.
This means that anyone can retrieve sensitive operational imagery from the device without needing to log in or provide credentials.
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized disclosure of sensitive operational images.
Such exposure could compromise privacy or security by revealing information about the device's environment or operations.