Anviz CX7 Firmware Path Traversal Vulnerability Allowing Unauthorized SSH Access

Vulnerability

The CSV file upload feature in Anviz CX7 firmware, which is available to authenticated users, is vulnerable to path traversal. An uploaded file can overwrite arbitrary files on the device, such as /etc/shadow. When combined with certain changes to the device's debug settings, this flaw could be used to gain unauthorized SSH access to the device.
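
As an added illustration (not Anviz code and not part of the original advisory), the sketch below contrasts an upload handler that joins a client-supplied CSV file name onto its upload directory with one that confines the resolved path. The function names and the /data/upload directory are assumptions made for the example.

```python
import os


class UnsafeUploadName(ValueError):
    """The client-supplied name would not stay inside the upload directory."""


def naive_target(upload_dir, client_name):
    # Flawed pattern: the name from the request is joined as-is, so ".."
    # segments or an absolute path escape upload_dir.
    return os.path.normpath(os.path.join(upload_dir, client_name))


def safe_target(upload_dir, client_name):
    # 1. Accept only a bare file name: no separators, NUL bytes or dot entries.
    name = client_name.replace("\\", "/")
    if "\x00" in name or "/" in name or name in ("", ".", ".."):
        raise UnsafeUploadName(client_name)
    # 2. The feature handles CSV files only, so enforce the extension.
    if not name.lower().endswith(".csv"):
        raise UnsafeUploadName(client_name)
    # 3. Resolve symlinks and confirm the result is still under upload_dir;
    #    this catches a link planted inside the directory.
    root = os.path.realpath(upload_dir)
    target = os.path.realpath(os.path.join(root, name))
    if os.path.commonpath([root, target]) != root:
        raise UnsafeUploadName(client_name)
    return target


def is_accepted(upload_dir, client_name):
    # Convenience wrapper: True when safe_target would allow the write.
    try:
        safe_target(upload_dir, client_name)
        return True
    except UnsafeUploadName:
        return False


if __name__ == "__main__":
    # Constructed sample names; /data/upload is a hypothetical directory.
    for sample in ("users.csv", "../../etc/shadow", "/etc/shadow", "a/b.csv"):
        print(f"{sample!r}: naive -> {naive_target('/data/upload', sample)}, "
              f"accepted by safe_target: {is_accepted('/data/upload', sample)}")
```

The write itself should also run as an unprivileged account, so that a missed case cannot reach root-owned files such as /etc/shadow.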

Impact

Exploitation of this vulnerability could lead to unauthorized SSH access on the affected device.

Remediation

Anviz did not respond to CISA's attempts to coordinate these vulnerabilities. Users should contact Anviz for more information.

Added: Apr 17, 2026, 8:33 PM
Updated: Apr 17, 2026, 8:33 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 3.5
remediation: 0.0
relevance: 6.2
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.