Primary

Context

Anviz CX2 Lite Command Injection Vulnerability Allowing Root Access

Vulnerability

A command injection vulnerability has been identified in the Anviz CX2 Lite firmware, all versions. This vulnerability allows authenticated users to execute arbitrary commands by manipulating a filename parameter. Exploitation of this issue could lead to unauthorized root-level access on the device.

Impact

Exploitation of this vulnerability could result in authenticated command injection, allowing for arbitrary command execution with root privileges on the affected device.

Remediation

Anviz did not respond to CISA's attempts to coordinate these vulnerabilities. Users should contact Anviz for more information through their official contact page.

Added: Apr 17, 2026, 8:22 PM

Updated: Apr 17, 2026, 8:22 PM

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

7.5

exploitability

3.3

remediation

7.9

relevance

6.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

7.5

exploitability

3.3

remediation

7.9

relevance

6.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Anviz CX2 Lite Command Injection Vulnerability Allowing Root Access

Vulnerability

Impact

Remediation

Affected Products

Anviz CrossChex Standard

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating