Credential Exposure in Anviz CX2 Lite and CX7 Administrative Sessions
CVE-2026-33569

6.5MEDIUM

Key Information:

Vendor: Anviz
Status: Anviz Cx7 Firmware; Anviz Cx2 Lite Firmware
Vendor: CVE Published:; 17 April 2026

What is CVE-2026-33569?

The Anviz CX2 Lite and CX7 devices use unsecured HTTP for administrative session communication. This vulnerability allows on-path attackers to intercept and capture credentials as well as session data. Such exposure potentially permits unauthorized access and manipulation of these devices, posing significant risks to the security and integrity of the affected systems.

Affected Version(s)

Anviz CX2 Lite Firmware All versions

Anviz CX7 Firmware All versions

References

https://www.anviz.com/contact-us.html

https://www.cisa.gov/news-events/ics-advisories/icsa-26-1...

https://github.com/cisagov/CSAF/blob/develop/csaf_files/O...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 17, 2026
Vulnerability Reserved
Apr 14, 2026

CVE-2026-33569 Data

JSON