Primary

Context

Anviz CX2 Lite and CX7 Cleartext Transmission of Credentials Vulnerability

Vulnerability

A vulnerability exists in Anviz CX2 Lite and CX7 products due to administrative sessions being conducted over HTTP. This flaw allows on-path attackers to intercept credentials and session data, potentially leading to unauthorized access and control over the devices.

Impact

Exploitation of this vulnerability could result in intercepted credentials and session data, allowing attackers to compromise the affected device.

Remediation

Anviz did not respond to CISA's attempts to coordinate these vulnerabilities. Users should contact Anviz for more information via their website.

Added: Apr 17, 2026, 8:26 PM

Updated: Apr 17, 2026, 8:26 PM

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

5.0

exploitability

4.0

remediation

7.9

relevance

6.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

5.0

exploitability

4.0

remediation

7.9

relevance

6.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Anviz CX2 Lite and CX7 Cleartext Transmission of Credentials Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Anviz CrossChex Standard

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating