CVE-2026-49200
Analyzed Analyzed - Analysis Complete
Acer Device Firmware Credential Exposure via Web Interface

Publication date: 2026-05-29

Last updated on: 2026-06-08

Assigner: 8fc372e3-d9c5-46e4-9410-38469745c639

Description
The acer_cgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials (for web and Telnet), leading to unauthorized system access.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-29
Last Modified
2026-06-08
Generated
2026-06-19
AI Q&A
2026-05-29
EPSS Evaluated
2026-06-18
NVD
CVE-2026-49200
EUVD
EUVD-2026-33270
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
acer wave_7_firmware to t7c_gbl_1.01.000055 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-532 The product writes sensitive information to a log file.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Detection Guidance

This vulnerability involves unauthorized access to the acer_cgi.log file via the web interface, which contains cleartext login credentials. To detect this vulnerability, you can attempt to access the acer_cgi.log file on the affected Acer Wave 7 router's web interface without authentication.

A simple method to check for this vulnerability is to use a command-line tool like curl or wget to request the acer_cgi.log file from the router's IP address.

  • curl http://<router-ip>/acer_cgi.log
  • wget http://<router-ip>/acer_cgi.log -O -

If the file is accessible without authentication and contains cleartext credentials, the device is vulnerable.

Executive Summary

This vulnerability involves the acer_cgi.log file in the device firmware being accessible without authentication through the web interface.

The log file contains cleartext login credentials for both web and Telnet access, which can be exploited to gain unauthorized system access.

Impact Analysis

An attacker can access the acer_cgi.log file without authentication and retrieve cleartext login credentials.

This can lead to unauthorized system access, potentially allowing the attacker to control the device, inject persistent backdoors, and compromise network security.

Mitigation Strategies

Users are strongly advised to update their Acer Wave 7 router firmware to the latest version once the security patch is released, which is planned by the end of June 2026.

Until the patch is available, avoid exposing the router's web interface to untrusted networks to reduce the risk of unauthorized access.

Compliance Impact

The vulnerability allows unauthorized access to cleartext login credentials via the acer_cgi.log file, which can lead to unauthorized system access. This exposure of sensitive authentication information can result in violations of data protection and security requirements mandated by standards such as GDPR and HIPAA, which require safeguarding of personal and sensitive data against unauthorized access.

Specifically, the lack of authentication and exposure of credentials could lead to breaches of confidentiality and integrity, undermining compliance with these regulations that mandate strict access controls and protection of sensitive information.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-49200. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart