Skip to main content

Acer Predator Connect W6x CVE-2026-49195

| EUVDEUVD-2026-33261 HIGH
Missing Authentication for Critical Function (CWE-306)
2026-05-29 Acer GHSA-2vr8-wh6w-3q8m
8.7
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
8.7 HIGH
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
May 29, 2026 - 11:21 vuln.today
CVSS changed
May 29, 2026 - 09:22 NVD
8.7 (HIGH)
CVE Published
May 29, 2026 - 08:02 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

Unauthenticated Debug Service. The /sbin/mtk_dut binary is exposed on TCP port 9000 without authentication, allowing any LAN-based attacker to execute arbitrary UCC commands.

AnalysisAI

Unauthenticated command execution on Acer Predator Connect W6x routers exposes the /sbin/mtk_dut debug binary on TCP port 9000, allowing any device on the LAN to issue arbitrary UCC (Unified Configuration Command) instructions without credentials. The flaw affects Predator Connect W6x firmware W6x_GBL_2.00.000005 and earlier, and at the time of analysis there is no public exploit identified, though the trivial protocol (raw TCP, no auth) makes weaponization straightforward once discovered.

Technical ContextAI

The Acer Predator Connect W6x is a MediaTek-based Wi-Fi 6E mesh router; the mtk_dut binary is a MediaTek 'Device Under Test' diagnostic/manufacturing utility typically used during factory calibration and RF testing, which exposes a UCC command interpreter. CWE-306 (Missing Authentication for a Critical Function) captures the root cause: the diagnostic listener was left bound to the LAN interface on TCP/9000 in shipping firmware without any authentication layer, so any client that can reach port 9000 can drive the same command surface a manufacturing technician would use. CPE cpe:2.3:a:acer:predator_connect_w6x covers the affected hardware line.

RemediationAI

Apply the firmware release published by Acer in the advisory at https://community.acer.com/en/kb/articles/19672 - no specific fixed-version string was provided in the available intelligence, so this is best described as patch available per vendor advisory rather than a confirmed version. Until the device is updated, restrict who can reach the router's LAN interface on TCP/9000: place the router on an isolated management VLAN, disable or strongly segment guest Wi-Fi from the management subnet, and use client isolation on any SSID where untrusted devices connect (trade-off: client isolation breaks AirPlay, Chromecast, and printer discovery). Where supported, add a host-based firewall rule on the router to drop inbound traffic to port 9000 on the LAN bridge; verify with an nmap scan from a wired and wireless client that 9000/tcp is filtered. Do not expose the LAN interface to untrusted IoT devices until patched.

Share

CVE-2026-49195 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy