CVE-2026-33569

MEDIUM

Anviz Products Cleartext Transmission of Sensitive Information

Title source: cna
STIX 2.1

Description

Anviz CX2 Lite and CX7 administrative sessions occur over HTTP, enabling on‑path attackers to sniff credentials and session data, which can be used to compromise the device.

References (3)

Core 3

Scores

CVSS v3 6.5
EPSS 0.0019
EPSS Percentile 8.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-319
Status published
Products (4)
Anviz/Anviz CX2 Lite Firmware All versions
Anviz/Anviz CX7 Firmware All versions
anviz/cx2_lite_firmware
anviz/cx7_firmware
Published Apr 17, 2026
Tracked Since Apr 18, 2026