CVE-2026-35682

Summary

Anviz CX2 Lite is vulnerable to an authenticated command injection via a filename parameter that enables arbitrary command execution (e.g., starting telnetd), resulting in root‑level access.

Affected Software

VendorProductVersion RangeStatus
AnvizAnviz CX2 Lite FirmwareAll versionsaffected

Weaknesses

  • CWE-77: CWE-77

Workarounds

Anviz did not respond to CISA's attempts to coordinate these vulnerabilities. Users should contact Anviz for more information at https://www.anviz.com/contact-us.html.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References