{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-35061", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2026-04-14T15:52:06.295Z", "datePublished": "2026-04-17T19:19:25.884Z", "dateUpdated": "2026-04-17T20:07:00.826Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2026-04-17T19:19:25.884Z"}, "title": "Anviz Products Missing Authorization", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-862", "description": "CWE-862", "type": "CWE"}]}], "affected": [{"vendor": "Anviz", "product": "Anviz CX7 Firmware", "versions": [{"status": "affected", "version": "All versions"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Anviz CX7 Firmware\u00a0is vulnerable to the most recently captured test photo that can be \nretrieved without authentication, revealing sensitive operational \nimagery.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Anviz CX7 Firmware is vulnerable to the most recently captured test photo that can be \nretrieved without authentication, revealing sensitive operational \nimagery."}]}], "references": [{"url": "https://www.anviz.com/contact-us.html"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03"}, {"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}}], "workarounds": [{"lang": "en", "value": "Anviz did not respond to CISA's attempts to coordinate these \nvulnerabilities. Users should contact Anviz for more information at \nhttps://www.anviz.com/contact-us.html.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Anviz did not respond to CISA's attempts to coordinate these \nvulnerabilities. Users should contact Anviz for more information at \nhttps://www.anviz.com/contact-us.html."}]}], "source": {"advisory": "ICSA-26-106-03", "discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-17T20:06:50.544830Z", "id": "CVE-2026-35061", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-17T20:07:00.826Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-35061", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-17T20:06:50.544830Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-17T20:06:53.454Z"}}], "cna": {"title": "Anviz Products Missing Authorization", "source": {"advisory": "ICSA-26-106-03", "discovery": "EXTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Anviz", "product": "Anviz CX7 Firmware", "versions": [{"status": "affected", "version": "All versions"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.anviz.com/contact-us.html"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03"}, {"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json"}], "workarounds": [{"lang": "en", "value": "Anviz did not respond to CISA's attempts to coordinate these \nvulnerabilities. Users should contact Anviz for more information at \nhttps://www.anviz.com/contact-us.html.", "supportingMedia": [{"type": "text/html", "value": "Anviz did not respond to CISA's attempts to coordinate these \nvulnerabilities. Users should contact Anviz for more information at \nhttps://www.anviz.com/contact-us.html.", "base64": false}]}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Anviz CX7 Firmware\u00a0is vulnerable to the most recently captured test photo that can be \nretrieved without authentication, revealing sensitive operational \nimagery.", "supportingMedia": [{"type": "text/html", "value": "Anviz CX7 Firmware is vulnerable to the most recently captured test photo that can be \nretrieved without authentication, revealing sensitive operational \nimagery.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2026-04-17T19:19:25.884Z"}}}, "cveMetadata": {"cveId": "CVE-2026-35061", "state": "PUBLISHED", "dateUpdated": "2026-04-17T20:07:00.826Z", "dateReserved": "2026-04-14T15:52:06.295Z", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "datePublished": "2026-04-17T19:19:25.884Z", "assignerShortName": "icscert"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:anviz:cx7_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "76C4D6EB-2046-4102-B450-4CF7FF2D2522", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:anviz:cx7:-:*:*:*:*:*:*:*", "matchCriteriaId": "048A5AAF-E261-4EB3-899E-B5DC816C25D1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Anviz CX7 Firmware\u00a0is vulnerable to the most recently captured test photo that can be \nretrieved without authentication, revealing sensitive operational \nimagery."}], "id": "CVE-2026-35061", "lastModified": "2026-05-04T14:31:26.330", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2026-04-17T20:16:35.117", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory"], "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Product"], "url": "https://www.anviz.com/contact-us.html"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["US Government Resource"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,*]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "product": "anviz_cx7_firmware", "vendor": "anviz"}], "analysis": {"en": {"generated_at": "2026-04-18T09:08:17.899514+00:00", "value": {"mitigation_remediation": ["Apply any firmware update from Anviz that addresses the missing authorization issue.", "Restrict network traffic to the photo retrieval endpoint by configuring firewall rules or placing the device in a separate VLAN.", "Coordinate with Anviz support for a vendor\u2011issued fix or temporary workaround and monitor advisories for updates.", "If possible, disable the photo retrieval feature to prevent unauthorized access until a patch is available."], "summary": {"action": "Contact Vendor", "impact": "Unauthorized Access to Sensitive Imagery"}, "threat_synthesis": {"affected_systems": "The vulnerability is specific to Anviz CX7 firmware devices. No other vendors, products, or versions are known to be affected based on the current CNA data.", "description_and_impact": "Anviz CX7 Firmware allows retrieval of test photos without requiring authentication, exposing sensitive operational imagery to anyone who can reach the device. This flaw represents a missing authorization weakness (CWE-862) and can lead to a confidentiality breach of captured images, as the attacker can view or capture internal photographs without permission.", "risk_and_exploitability": "The CVSS score of 5.3 indicates a medium severity impact. The EPSS score is not available, and the vulnerability is not listed in CISA\u2019s KEV catalog, suggesting lower immediate exploitation likelihood. However, without authentication, an attacker can access the photo endpoint remotely if the device is exposed to a network that can reach it. The lack of an official patch or work\u2011around from Anviz implies that the risk persists until the vendor provides a fix."}}}}, "created": "2026-04-18T09:15:15.965612+00:00", "updated": "2026-04-20T15:05:24.986545+00:00", "vendors": ["anviz", "anviz$PRODUCT$anviz_cx7_firmware"]}