Skip to main content

Acer Wave 7 Router CVE-2026-49200

| EUVDEUVD-2026-33270 CRITICAL
Insertion of Sensitive Information into Log File (CWE-532)
2026-05-29 Acer GHSA-xf88-3pmx-m4vw
10.0
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
10.0 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
May 29, 2026 - 11:20 vuln.today
CVSS changed
May 29, 2026 - 09:22 NVD
10.0 (CRITICAL)
CVE Published
May 29, 2026 - 08:51 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

The acer_cgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials (for web and Telnet), leading to unauthorized system access.

AnalysisAI

Credential disclosure in the Acer Wave 7 router (firmware T7c_GBL_1.01.000055 and earlier) exposes the acer_cgi.log file over the web interface without authentication, leaking cleartext web and Telnet login credentials to any network-reachable attacker. With CVSS 4.0 of 10.0 and a vector indicating no privileges or user interaction, exploitation enables full device takeover; no public exploit identified at time of analysis, but the trivial nature of fetching a log file makes weaponization straightforward.

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify Acer Wave 7 web interface
Delivery
Send unauthenticated GET for acer_cgi.log
Exploit
Extract cleartext web and Telnet credentials
Execution
Authenticate to admin UI and Telnet
Persist
Modify router configuration and persist
Impact
Pivot to LAN hosts and intercept traffic

Vulnerability AssessmentAI

Exploitation No special conditions - remote unauthenticated exploitation against default configurations of the Acer Wave 7 router with firmware T7c_GBL_1.01.000055 or earlier; the attacker only needs network reachability to the router's web management interface and the acer_cgi.log endpoint must be served (the documented default behavior). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Every CVSS 4.0 signal points to maximum severity: network attack vector, low complexity, no privileges, no user interaction, and high confidentiality/integrity/availability impact on both the vulnerable component and subsequent systems (VC:H/VI:H/VA:H/SC:H/SI:H/SA:H). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker on the same Wi-Fi network - or on the internet if WAN management is enabled - issues a single unauthenticated HTTP GET to the acer_cgi.log path on the router's web interface, parses the cleartext credentials out of the returned log, and logs in to the admin UI and Telnet service as the legitimate operator. From there the attacker can pivot to DNS hijacking, persistent backdoors via firmware/config changes, and lateral movement against LAN hosts. …
Remediation Patch status from the provided data indicates the vulnerability was reported by Acer with an advisory at https://community.acer.com/en/kb/articles/19673, but no specific fixed firmware build is included in the input data - administrators should consult the Acer KB article for the vendor-released patched firmware and upgrade Wave 7 routers above T7c_GBL_1.01.000055. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all Acer Wave 7 routers running firmware T7c_GBL_1.01.000055 or earlier; restrict web interface access to trusted administrative networks only via firewall rules. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-49200 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy