Vulnerability in Anviz CX7 Firmware Exposes Deployment Environment through Unauthenticated Access
CVE-2026-33093

5.3MEDIUM

Key Information:

Vendor: Anviz
Status: Anviz Cx7 Firmware
Vendor: CVE Published:; 17 April 2026

What is CVE-2026-33093?

The Anviz CX7 Firmware is susceptible to an unauthenticated POST request that enables unauthorized users to capture images via the device's front-facing camera. This security flaw exposes sensitive visual information about the deployment environment, potentially compromising user privacy and security. Organizations using this firmware should implement immediate security measures to protect against unauthorized access and mitigate risks associated with this vulnerability. Regular firmware updates and security audits are recommended to safeguard against such risks.

Affected Version(s)

Anviz CX7 Firmware All versions

References

https://www.anviz.com/contact-us.html

https://www.cisa.gov/news-events/ics-advisories/icsa-26-1...

https://github.com/cisagov/CSAF/blob/develop/csaf_files/O...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 17, 2026
Vulnerability Reserved
Apr 14, 2026

CVE-2026-33093 Data

JSON