{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-35682", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2026-04-14T15:47:54.211Z", "datePublished": "2026-04-17T19:46:26.716Z", "dateUpdated": "2026-04-17T20:30:18.510Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2026-04-17T19:46:26.716Z"}, "title": "Anviz CX2 Lite Command Injection", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-77", "description": "CWE-77", "type": "CWE"}]}], "affected": [{"vendor": "Anviz", "product": "Anviz CX2 Lite Firmware", "versions": [{"status": "affected", "version": "All versions"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Anviz\u00a0CX2 Lite is vulnerable to an authenticated command injection via a \nfilename parameter that enables arbitrary command execution (e.g., \nstarting telnetd), resulting in root\u2011level access.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Anviz CX2 Lite is vulnerable to an authenticated command injection via a \nfilename parameter that enables arbitrary command execution (e.g., \nstarting telnetd), resulting in root\u2011level access."}]}], "references": [{"url": "https://www.anviz.com/contact-us.html"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03"}, {"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "workarounds": [{"lang": "en", "value": "Anviz did not respond to CISA's attempts to coordinate these \nvulnerabilities. Users should contact Anviz for more information at \nhttps://www.anviz.com/contact-us.html.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Anviz did not respond to CISA's attempts to coordinate these \nvulnerabilities. Users should contact Anviz for more information at \nhttps://www.anviz.com/contact-us.html."}]}], "source": {"advisory": "ICSA-26-106-03", "discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-17T20:30:04.932110Z", "id": "CVE-2026-35682", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-17T20:30:18.510Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-35682", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-17T20:30:04.932110Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-17T20:30:09.762Z"}}], "cna": {"title": "Anviz CX2 Lite Command Injection", "source": {"advisory": "ICSA-26-106-03", "discovery": "EXTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Anviz", "product": "Anviz CX2 Lite Firmware", "versions": [{"status": "affected", "version": "All versions"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.anviz.com/contact-us.html"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03"}, {"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json"}], "workarounds": [{"lang": "en", "value": "Anviz did not respond to CISA's attempts to coordinate these \nvulnerabilities. Users should contact Anviz for more information at \nhttps://www.anviz.com/contact-us.html.", "supportingMedia": [{"type": "text/html", "value": "Anviz did not respond to CISA's attempts to coordinate these \nvulnerabilities. Users should contact Anviz for more information at \nhttps://www.anviz.com/contact-us.html.", "base64": false}]}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Anviz\u00a0CX2 Lite is vulnerable to an authenticated command injection via a \nfilename parameter that enables arbitrary command execution (e.g., \nstarting telnetd), resulting in root\u2011level access.", "supportingMedia": [{"type": "text/html", "value": "Anviz CX2 Lite is vulnerable to an authenticated command injection via a \nfilename parameter that enables arbitrary command execution (e.g., \nstarting telnetd), resulting in root\u2011level access.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-77", "description": "CWE-77"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2026-04-17T19:46:26.716Z"}}}, "cveMetadata": {"cveId": "CVE-2026-35682", "state": "PUBLISHED", "dateUpdated": "2026-04-17T20:30:18.510Z", "dateReserved": "2026-04-14T15:47:54.211Z", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "datePublished": "2026-04-17T19:46:26.716Z", "assignerShortName": "icscert"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:anviz:cx2_lite_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "2A731810-52F9-4ABC-86DF-DE47AE6DF8C8", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:anviz:cx2_lite:-:*:*:*:*:*:*:*", "matchCriteriaId": "411BABCF-9FBA-4687-B23C-986A197EC996", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Anviz\u00a0CX2 Lite is vulnerable to an authenticated command injection via a \nfilename parameter that enables arbitrary command execution (e.g., \nstarting telnetd), resulting in root\u2011level access."}], "id": "CVE-2026-35682", "lastModified": "2026-05-04T14:31:10.730", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2026-04-17T20:16:35.510", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory"], "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Product"], "url": "https://www.anviz.com/contact-us.html"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["US Government Resource"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,*]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "product": "anviz_cx2_lite_firmware", "vendor": "anviz"}], "analysis": {"en": {"generated_at": "2026-04-18T09:04:05.071701+00:00", "value": {"mitigation_remediation": ["Contact Anviz support at https://www.anviz.com/contact-us.html to request a firmware patch or mitigation guidance.", "Isolate the device from untrusted networks by applying firewall rules or placing it on a segmented VLAN, thereby limiting exposure of the vulnerable interface.", "Disable or restrict the device\u2019s remote file upload or filename parameter functionality\u2014such as disabling the affected service or limiting it to trusted administrative IP addresses to mitigate command injection."], "summary": {"action": "Contact Vendor", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The affected product is the Anviz CX2 Lite firmware. No specific version information is listed in the CNA data.", "description_and_impact": "Anviz CX2 Lite firmware is vulnerable to an authenticated command injection via a filename parameter that allows an attacker to execute arbitrary system commands, such as starting the telnet daemon, thereby achieving root\u2011level control. This flaw provides full remote code execution capabilities against the affected device. The vulnerability stems from improper handling of user\u2011supplied filenames, classified as CWE\u201177.", "risk_and_exploitability": "The CVSS score of 8.8 indicates a high severity, while no EPSS value is available and the issue is not listed in the CISA KEV catalog. The flaw requires authenticated access to the device\u2019s management interface to supply the malicious filename. The attack vector is likely the network interface that accepts file upload or management commands. Given the high severity but uncertain exploitation probability, the risk is significant for exposed devices, especially those reachable via public or untrusted networks."}}}}, "created": "2026-04-18T09:15:15.964207+00:00", "updated": "2026-04-20T14:59:43.146141+00:00", "vendors": ["anviz", "anviz$PRODUCT$anviz_cx2_lite_firmware"]}