CVE-2026-49195
Unauthenticated Debug Service in MTK DUT Binary
Publication date: 2026-05-29
Last updated on: 2026-05-29
Assigner: 8fc372e3-d9c5-46e4-9410-38469745c639
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| acer | connect_w6x | From w6x_gbl_2.00.000008 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves an unauthenticated debug service running on the Acer Connect W6x router. Specifically, the /sbin/mtk_dut binary is exposed on TCP port 9000 without requiring any authentication. This exposure allows any attacker within the local area network (LAN) to execute arbitrary UCC commands on the device.
How can this vulnerability impact me?
Because the debug service is accessible without authentication, an attacker on the same LAN can execute arbitrary commands on the router. This can lead to unauthorized control over the device, potentially allowing the attacker to manipulate network traffic, disrupt services, or further compromise connected devices.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves the /sbin/mtk_dut binary being exposed on TCP port 9000 without authentication, allowing arbitrary UCC command execution by any LAN-based attacker.
To detect this vulnerability on your network or system, you can scan for open TCP port 9000 on devices, especially Acer Connect W6x routers.
A common way to check whether port 9000 is open is with nmap:
- nmap -p 9000 <target-ip>
If port 9000 is open, you may attempt to connect using telnet or netcat to see if the /sbin/mtk_dut service responds without authentication:
- telnet <target-ip> 9000
- nc <target-ip> 9000
Successful connection and response without authentication indicates the presence of the vulnerable debug service.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the firmware of the Acer Connect W6x router to version W6x_GBL_2.00.000008 or later.
This firmware update strengthens authentication on TCP port 9000, preventing unauthorized LAN-based access to the debug service.
Users should perform the update via the router admin console and avoid restarting or unplugging the router during the update process.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows unauthenticated access to a debug service on the Acer Connect W6x router, enabling any LAN-based attacker to execute arbitrary commands. This unauthorized access could lead to exposure or manipulation of sensitive data, which may impact compliance with data protection standards such as GDPR and HIPAA that require safeguarding personal and health information against unauthorized access.
By allowing arbitrary command execution without authentication, the device fails to enforce adequate access controls, a key requirement in many regulatory frameworks. This increases the risk of data breaches and unauthorized data processing, potentially resulting in non-compliance with these standards.
Acer has addressed this issue by releasing a firmware update that strengthens authentication on the affected TCP port, mitigating the risk and helping users maintain compliance.