Ghostwire

CVE-2026-35546: Anviz CX2 Lite and CX7 are vulnerable to unauthenticated firmware uploads. This causes crafted archives to be accepted,...

CRITICAL CVSS 9.5

Published: April 17, 2026 | Last Modified: April 17, 2026

Description

Anviz CX2 Lite and CX7 are vulnerable to unauthenticated firmware uploads. This causes crafted archives to be accepted, enabling attackers to plant and execute code and obtain a reverse shell.

Ghostwire Analysis — What This Means Practically

Critical CVSS score indicates maximum severity — remote code execution, authentication bypass, or complete system compromise is likely possible.

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

Security Coverage (1 articles)

References

www.tenable.com/cve/CVE-2026-35546
www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2026-35546