CVE-2026-49195
Analyzed Analyzed - Analysis Complete
Unauthenticated Debug Service in MTK DUT Binary

Publication date: 2026-05-29

Last updated on: 2026-06-08

Assigner: 8fc372e3-d9c5-46e4-9410-38469745c639

Description
Unauthenticated Debug Service. The /sbin/mtk_dut binary is exposed on TCP port 9000 without authentication, allowing any LAN-based attacker to execute arbitrary UCC commands.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-29
Last Modified
2026-06-08
Generated
2026-06-19
AI Q&A
2026-05-29
EPSS Evaluated
2026-06-18
NVD
CVE-2026-49195
EUVD
EUVD-2026-33261
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
acer predator_connect_w6x_firmware to w6x_gbl_2.00.000005 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves an unauthenticated debug service running on the Acer Connect W6x router. Specifically, the /sbin/mtk_dut binary is exposed on TCP port 9000 without requiring any authentication. This exposure allows any attacker within the local area network (LAN) to execute arbitrary UCC commands on the device.

Impact Analysis

Because the debug service is accessible without authentication, an attacker on the same LAN can execute arbitrary commands on the router. This can lead to unauthorized control over the device, potentially allowing the attacker to manipulate network traffic, disrupt services, or further compromise connected devices.

Detection Guidance

This vulnerability involves the /sbin/mtk_dut binary being exposed on TCP port 9000 without authentication, allowing arbitrary UCC command execution by any LAN-based attacker.

To detect this vulnerability on your network or system, you can scan for open TCP port 9000 on devices, especially Acer Connect W6x routers.

A common command to check for an open port 9000 is using nmap:

  • nmap -p 9000 <target-ip>

If port 9000 is open, you may attempt to connect using telnet or netcat to see if the /sbin/mtk_dut service responds without authentication:

  • telnet <target-ip> 9000
  • nc <target-ip> 9000

Successful connection and response without authentication indicates the presence of the vulnerable debug service.

Mitigation Strategies

The immediate mitigation step is to update the firmware of the Acer Connect W6x router to version W6x_GBL_2.00.000008 or later.

This firmware update strengthens authentication on TCP port 9000, preventing unauthorized LAN-based access to the debug service.

Users should perform the update via the router admin console and avoid restarting or unplugging the router during the update process.

Compliance Impact

The vulnerability allows unauthenticated access to a debug service on the Acer Connect W6x router, enabling any LAN-based attacker to execute arbitrary commands. This unauthorized access could lead to exposure or manipulation of sensitive data, which may impact compliance with data protection standards such as GDPR and HIPAA that require safeguarding personal and health information against unauthorized access.

By allowing arbitrary command execution without authentication, the device fails to enforce adequate access controls, a key requirement in many regulatory frameworks. This increases the risk of data breaches and unauthorized data processing, potentially resulting in non-compliance with these standards.

Acer has addressed this issue by releasing a firmware update that strengthens authentication on the affected TCP port, mitigating the risk and helping users maintain compliance.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-49195. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart