Unauthenticated Firmware Upload RCE in Anviz CX2 Lite and CX7

Successful exploitation results in unauthenticated remote code execution on the affected device. The available context indicates the attacker can plant and execute code and may obtain a reverse shell. Given the device executes the uploaded package contents, impact can include full compromise of the device, arbitrary modification of configuration or software state, persistence, disruption of device operation, and loss of confidentiality, integrity, and availability.

Until patches are fully deployed, minimize exposure of affected devices, keep them off the public internet, place them behind firewalls, and isolate them from business networks as recommended by CISA. Restrict access to device management and update interfaces to trusted administrative networks only. Disable or tightly control remote access paths, and if remote administration is required, use secure access methods such as VPNs. Monitor for unauthorized firmware/update uploads and unexpected outbound connections that could indicate reverse-shell activity. Perform impact analysis and risk assessment before applying defensive changes in operational environments.

Apply the vendor-provided fix or updated firmware referenced by Anviz and CISA for CVE-2026-40066. The vulnerable update/upload mechanism must be changed so that firmware or update packages are cryptographically verified before acceptance and execution, and untrusted packages are rejected. If a vendor patch is available, upgrade affected CX2 Lite and CX7 devices promptly in accordance with operational testing and change-control requirements.