Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
The acer_cgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials (for web and Telnet), leading to unauthorized system access.
AnalysisAI
Credential disclosure in the Acer Wave 7 router (firmware T7c_GBL_1.01.000055 and earlier) exposes the acer_cgi.log file over the web interface without authentication, leaking cleartext web and Telnet login credentials to any network-reachable attacker. With CVSS 4.0 of 10.0 and a vector indicating no privileges or user interaction, exploitation enables full device takeover; no public exploit identified at time of analysis, but the trivial nature of fetching a log file makes weaponization straightforward.
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | No special conditions - remote unauthenticated exploitation against default configurations of the Acer Wave 7 router with firmware T7c_GBL_1.01.000055 or earlier; the attacker only needs network reachability to the router's web management interface and the acer_cgi.log endpoint must be served (the documented default behavior). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Every CVSS 4.0 signal points to maximum severity: network attack vector, low complexity, no privileges, no user interaction, and high confidentiality/integrity/availability impact on both the vulnerable component and subsequent systems (VC:H/VI:H/VA:H/SC:H/SI:H/SA:H). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker on the same Wi-Fi network - or on the internet if WAN management is enabled - issues a single unauthenticated HTTP GET to the acer_cgi.log path on the router's web interface, parses the cleartext credentials out of the returned log, and logs in to the admin UI and Telnet service as the legitimate operator. From there the attacker can pivot to DNS hijacking, persistent backdoors via firmware/config changes, and lateral movement against LAN hosts. … |
| Remediation | Patch status from the provided data indicates the vulnerability was reported by Acer with an advisory at https://community.acer.com/en/kb/articles/19673, but no specific fixed firmware build is included in the input data - administrators should consult the Acer KB article for the vendor-released patched firmware and upgrade Wave 7 routers above T7c_GBL_1.01.000055. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify all Acer Wave 7 routers running firmware T7c_GBL_1.01.000055 or earlier; restrict web interface access to trusted administrative networks only via firewall rules. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Wave 7 Router
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-33270
GHSA-xf88-3pmx-m4vw