CVE-2026-49200
Acer Device Firmware Credential Exposure via Web Interface
Publication date: 2026-05-29
Last updated on: 2026-05-29
Assigner: 8fc372e3-d9c5-46e4-9410-38469745c639
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| acer | wave_7_router | to T7c_GBL_1.01.000055 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-532 | The product writes sensitive information to a log file. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves unauthorized access to the acer_cgi.log file via the web interface, which contains cleartext login credentials. To detect this vulnerability, you can attempt to access the acer_cgi.log file on the affected Acer Wave 7 router's web interface without authentication.
A simple method to check for this vulnerability is to use a command-line tool like curl or wget to request the acer_cgi.log file from the router's IP address.
- curl http://<router-ip>/acer_cgi.log
- wget http://<router-ip>/acer_cgi.log -O -
If the file is accessible without authentication and contains cleartext credentials, the device is vulnerable.
Can you explain this vulnerability to me?
This vulnerability involves the acer_cgi.log file in the device firmware being accessible without authentication through the web interface.
The log file contains cleartext login credentials for both web and Telnet access, which can be exploited to gain unauthorized system access.
How can this vulnerability impact me? :
An attacker can access the acer_cgi.log file without authentication and retrieve cleartext login credentials.
This can lead to unauthorized system access, potentially allowing the attacker to control the device, inject persistent backdoors, and compromise network security.
What immediate steps should I take to mitigate this vulnerability?
Users are strongly advised to update their Acer Wave 7 router firmware to the latest version once the security patch is released, which is planned by the end of June 2026.
Until the patch is available, avoid exposing the router's web interface to untrusted networks to reduce the risk of unauthorized access.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows unauthorized access to cleartext login credentials via the acer_cgi.log file, which can lead to unauthorized system access. This exposure of sensitive authentication information can result in violations of data protection and security requirements mandated by standards such as GDPR and HIPAA, which require safeguarding of personal and sensitive data against unauthorized access.
Specifically, the lack of authentication and exposure of credentials could lead to breaches of confidentiality and integrity, undermining compliance with these regulations that mandate strict access controls and protection of sensitive information.