Anviz CX7 Firmware MQTT Traffic Decryption Vulnerability

Vulnerability

A vulnerability exists in Anviz CX7 firmware because reusable certificate and key material is included within the application. This flaw allows decryption of MQTT traffic, potentially enabling unauthorized interaction with device messaging channels on a large scale.

Impact

Exploitation of this vulnerability could lead to unauthorized decryption of MQTT traffic, allowing attackers to intercept and manipulate communications with the device.

Remediation

Anviz did not respond to CISA's attempts to coordinate these vulnerabilities. Users should contact Anviz for more information.
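
An audit check for the class of flaw described above, added here as an example and not taken from Anviz or CISA: it scans firmware or application images for embedded PEM key and certificate blocks and reports any that appear in more than one image. It assumes the material is stored as PEM text (DER-encoded or obfuscated keys are not matched); the image names and sample bytes are constructed.

```python
import base64
import hashlib
import re
from collections import defaultdict

# PEM private-key or certificate blocks embedded anywhere in binary data.
PEM_RE = re.compile(
    rb"-----BEGIN ((?:RSA |EC |ENCRYPTED )?PRIVATE KEY|CERTIFICATE)-----"
    rb"([A-Za-z0-9+/=\s]+?)"
    rb"-----END \1-----"
)

def find_embedded_material(blob):
    """Return (label, sha256 of decoded body) for each PEM block in blob."""
    found = []
    for m in PEM_RE.finditer(blob):
        body = b"".join(m.group(2).split())  # strip line breaks inside the block
        try:
            der = base64.b64decode(body, validate=True)
        except ValueError:
            continue  # PEM-looking markers around a body that is not base64
        found.append((m.group(1).decode(), hashlib.sha256(der).hexdigest()))
    return found

def shared_material(images):
    """Map (label, fingerprint) to the images containing it; reused items only."""
    seen = defaultdict(set)
    for name, blob in images.items():
        for item in find_embedded_material(blob):
            seen[item].add(name)
    return {item: sorted(names) for item, names in seen.items() if len(names) > 1}

def make_pem(label, payload):
    """Build a constructed PEM block for the sample data (not a real key)."""
    return (b"-----BEGIN " + label + b"-----\n" + base64.b64encode(payload)
            + b"\n-----END " + label + b"-----\n")

# Constructed sample: two images carry the same block, a third has its own.
SHARED = make_pem(b"PRIVATE KEY", b"constructed placeholder, not a real key")
SAMPLE_IMAGES = {
    "unit-a.bin": b"\x7fELF\x00" + SHARED + b"\x00mqtt",
    "unit-b.bin": b"\x00\x01" + SHARED + b"\xff",
    "unit-c.bin": b"\x00" + make_pem(b"PRIVATE KEY", b"constructed per-device placeholder"),
}

if __name__ == "__main__":
    for (label, fp), names in shared_material(SAMPLE_IMAGES).items():
        print(f"REUSED {label} sha256={fp[:16]}... in {', '.join(names)}")
```

Any private key reported here is identical on every unit that ships the image, so it cannot serve as a per-device secret.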

Added: Apr 17, 2026, 8:32 PM
Updated: Apr 17, 2026, 8:32 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 3.1
exploitability: 4.9
remediation: 0.0
relevance: 6.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.