CVE-2026-33569

MEDIUM

Anviz Products Cleartext Transmission of Sensitive Information

Title source: cna

Description

Anviz CX2 Lite and CX7 administrative sessions occur over HTTP, enabling on‑path attackers to sniff credentials and session data, which can be used to compromise the device.

References (3)

https://www.anviz.com/contact-us.html

https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json

View Writeup ZIP pw:eip

Scores

CVSS v3 6.5

EPSS 0.0001

EPSS Percentile 2.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Details

CWE

CWE-319

Status published

Products (2)

Anviz/Anviz CX2 Lite Firmware All versions

Anviz/Anviz CX7 Firmware All versions

Published Apr 17, 2026

Tracked Since Apr 18, 2026