Predator Connect W6X
Monthly
Remote unauthenticated command injection in the Acer Predator Connect W6x router enables root-level code execution via crafted MQTT messages, scoring a maximum 10.0 CVSS v4.0 across all impact metrics including subsequent system impact. The flaw was disclosed by Acer and tracked in the ENISA EUVD as EUVD-2026-33269, but no public exploit identified at time of analysis. Affects firmware W6x_GBL_2.00.000005 and earlier, with no special authentication or user interaction required.
Information disclosure in the Acer Predator Connect W6x router's MQTT broker allows authenticated low-privileged actors to subscribe to wildcard topics and observe all MQTT traffic traversing the device. The flaw stems from improper access control (CWE-284) on broker subscriptions, enabling cross-tenant data exposure with high confidentiality impact and scope change to other subscribed services. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.
Authentication bypass in Acer Predator Connect W6x routers (firmware W6x_GBL_2.00.000005 and earlier) allows remote unauthenticated attackers to reach app-facing web endpoints by sending an HTTP Authorization header whose Base64 payload is intentionally malformed, because the endpoint treats a decoding failure as a pass rather than a rejection. The CVSS 4.0 score of 10.0 (AV:N/AC:L/PR:N/UI:N with high confidentiality, integrity, availability impact on both vulnerable and subsequent systems) reflects full takeover potential against an internet-reachable consumer/SOHO router, though no public exploit identified at time of analysis.
Command injection in the Acer Predator Connect W6x router allows authenticated high-privilege attackers to execute arbitrary shell commands by submitting a crafted MAC address through the Wi-Fi device blocking feature. The flaw stems from insufficient input sanitization on a value that is passed to a shell context, and at the time of analysis no public exploit has been identified and the issue is not listed in CISA KEV. With a CVSS 4.0 base score of 8.6, the bug confers full confidentiality, integrity and availability impact on the device itself.
Unauthenticated command execution on Acer Predator Connect W6x routers exposes the /sbin/mtk_dut debug binary on TCP port 9000, allowing any device on the LAN to issue arbitrary UCC (Unified Configuration Command) instructions without credentials. The flaw affects Predator Connect W6x firmware W6x_GBL_2.00.000005 and earlier, and at the time of analysis there is no public exploit identified, though the trivial protocol (raw TCP, no auth) makes weaponization straightforward once discovered.
Remote unauthenticated command injection in the Acer Predator Connect W6x router enables root-level code execution via crafted MQTT messages, scoring a maximum 10.0 CVSS v4.0 across all impact metrics including subsequent system impact. The flaw was disclosed by Acer and tracked in the ENISA EUVD as EUVD-2026-33269, but no public exploit identified at time of analysis. Affects firmware W6x_GBL_2.00.000005 and earlier, with no special authentication or user interaction required.
Information disclosure in the Acer Predator Connect W6x router's MQTT broker allows authenticated low-privileged actors to subscribe to wildcard topics and observe all MQTT traffic traversing the device. The flaw stems from improper access control (CWE-284) on broker subscriptions, enabling cross-tenant data exposure with high confidentiality impact and scope change to other subscribed services. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.
Authentication bypass in Acer Predator Connect W6x routers (firmware W6x_GBL_2.00.000005 and earlier) allows remote unauthenticated attackers to reach app-facing web endpoints by sending an HTTP Authorization header whose Base64 payload is intentionally malformed, because the endpoint treats a decoding failure as a pass rather than a rejection. The CVSS 4.0 score of 10.0 (AV:N/AC:L/PR:N/UI:N with high confidentiality, integrity, availability impact on both vulnerable and subsequent systems) reflects full takeover potential against an internet-reachable consumer/SOHO router, though no public exploit identified at time of analysis.
Command injection in the Acer Predator Connect W6x router allows authenticated high-privilege attackers to execute arbitrary shell commands by submitting a crafted MAC address through the Wi-Fi device blocking feature. The flaw stems from insufficient input sanitization on a value that is passed to a shell context, and at the time of analysis no public exploit has been identified and the issue is not listed in CISA KEV. With a CVSS 4.0 base score of 8.6, the bug confers full confidentiality, integrity and availability impact on the device itself.
Unauthenticated command execution on Acer Predator Connect W6x routers exposes the /sbin/mtk_dut debug binary on TCP port 9000, allowing any device on the LAN to issue arbitrary UCC (Unified Configuration Command) instructions without credentials. The flaw affects Predator Connect W6x firmware W6x_GBL_2.00.000005 and earlier, and at the time of analysis there is no public exploit identified, though the trivial protocol (raw TCP, no auth) makes weaponization straightforward once discovered.