Authenticated CSV Upload Vulnerability in Anviz CX7 Firmware
CVE-2026-31927

4.9MEDIUM

Key Information:

Vendor: Anviz
Status: Anviz Cx7 Firmware
Vendor: CVE Published:; 17 April 2026

What is CVE-2026-31927?

The Anviz CX7 Firmware has a security flaw that arises from an authenticated CSV upload process. This vulnerability allows an attacker to exploit a path traversal condition, enabling the unauthorized overwriting of critical files, including system files like /etc/shadow. When exploited in conjunction with specific changes to debug settings, this flaw can facilitate unauthorized SSH access, potentially compromising the integrity and security of the affected device.

Affected Version(s)

Anviz CX7 Firmware All versions

References

https://www.anviz.com/contact-us.html

https://www.cisa.gov/news-events/ics-advisories/icsa-26-1...

https://github.com/cisagov/CSAF/blob/develop/csaf_files/O...

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 17, 2026
Vulnerability Reserved
Apr 14, 2026

CVE-2026-31927 Data

JSON