CVE Catalog

CVE-2026-31927

MediumCVSS 4.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.35%

28th percentile - higher than 28% of all known CVEs

Summary

A vulnerability in Anviz CX7 firmware allows an authenticated attacker to upload a CSV file with path traversal, overwriting arbitrary files such as /etc/shadow. Combined with debug-setting changes, this can lead to unauthorized SSH access.

Risk Assessment

The risk involves potential full device compromise by an authenticated attacker, enabling further network attacks and unauthorized system access.

Recommendation

Immediately update the Anviz CX7 firmware to the latest version and restrict administrative panel access to trusted IP addresses only.

Original NVD description (English source)

Anviz CX7 Firmware is vulnerable to an authenticated CSV upload which allows path traversal to overwrite arbitrary files (e.g., /etc/shadow), enabling unauthorized SSH access when combined with debug‑setting changes.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS