Skip to main content

Predator Connect W6X

5 CVEs product

Monthly

CVE-2026-49199 CRITICAL Act Now

Remote unauthenticated command injection in the Acer Predator Connect W6x router enables root-level code execution via crafted MQTT messages, scoring a maximum 10.0 CVSS v4.0 across all impact metrics including subsequent system impact. The flaw was disclosed by Acer and tracked in the ENISA EUVD as EUVD-2026-33269, but no public exploit identified at time of analysis. Affects firmware W6x_GBL_2.00.000005 and earlier, with no special authentication or user interaction required.

Command Injection RCE Predator Connect W6X
NVD VulDB
CVSS 4.0
10.0
EPSS
0.7%
CVE-2026-49198 HIGH This Week

Information disclosure in the Acer Predator Connect W6x router's MQTT broker allows authenticated low-privileged actors to subscribe to wildcard topics and observe all MQTT traffic traversing the device. The flaw stems from improper access control (CWE-284) on broker subscriptions, enabling cross-tenant data exposure with high confidentiality impact and scope change to other subscribed services. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

Authentication Bypass Predator Connect W6X
NVD VulDB
CVSS 4.0
8.3
EPSS
0.0%
CVE-2026-49197 CRITICAL Act Now

Authentication bypass in Acer Predator Connect W6x routers (firmware W6x_GBL_2.00.000005 and earlier) allows remote unauthenticated attackers to reach app-facing web endpoints by sending an HTTP Authorization header whose Base64 payload is intentionally malformed, because the endpoint treats a decoding failure as a pass rather than a rejection. The CVSS 4.0 score of 10.0 (AV:N/AC:L/PR:N/UI:N with high confidentiality, integrity, availability impact on both vulnerable and subsequent systems) reflects full takeover potential against an internet-reachable consumer/SOHO router, though no public exploit identified at time of analysis.

Authentication Bypass Predator Connect W6X
NVD VulDB
CVSS 4.0
10.0
EPSS
0.0%
CVE-2026-49196 HIGH This Week

Command injection in the Acer Predator Connect W6x router allows authenticated high-privilege attackers to execute arbitrary shell commands by submitting a crafted MAC address through the Wi-Fi device blocking feature. The flaw stems from insufficient input sanitization on a value that is passed to a shell context, and at the time of analysis no public exploit has been identified and the issue is not listed in CISA KEV. With a CVSS 4.0 base score of 8.6, the bug confers full confidentiality, integrity and availability impact on the device itself.

Command Injection Predator Connect W6X
NVD VulDB
CVSS 4.0
8.6
EPSS
0.1%
CVE-2026-49195 HIGH This Week

Unauthenticated command execution on Acer Predator Connect W6x routers exposes the /sbin/mtk_dut debug binary on TCP port 9000, allowing any device on the LAN to issue arbitrary UCC (Unified Configuration Command) instructions without credentials. The flaw affects Predator Connect W6x firmware W6x_GBL_2.00.000005 and earlier, and at the time of analysis there is no public exploit identified, though the trivial protocol (raw TCP, no auth) makes weaponization straightforward once discovered.

Authentication Bypass Predator Connect W6X
NVD VulDB
CVSS 4.0
8.7
EPSS
0.0%
EPSS 1% CVSS 10.0
CRITICAL Act Now

Remote unauthenticated command injection in the Acer Predator Connect W6x router enables root-level code execution via crafted MQTT messages, scoring a maximum 10.0 CVSS v4.0 across all impact metrics including subsequent system impact. The flaw was disclosed by Acer and tracked in the ENISA EUVD as EUVD-2026-33269, but no public exploit identified at time of analysis. Affects firmware W6x_GBL_2.00.000005 and earlier, with no special authentication or user interaction required.

Command Injection RCE Predator Connect W6X
NVD VulDB
EPSS 0% CVSS 8.3
HIGH This Week

Information disclosure in the Acer Predator Connect W6x router's MQTT broker allows authenticated low-privileged actors to subscribe to wildcard topics and observe all MQTT traffic traversing the device. The flaw stems from improper access control (CWE-284) on broker subscriptions, enabling cross-tenant data exposure with high confidentiality impact and scope change to other subscribed services. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

Authentication Bypass Predator Connect W6X
NVD VulDB
EPSS 0% CVSS 10.0
CRITICAL Act Now

Authentication bypass in Acer Predator Connect W6x routers (firmware W6x_GBL_2.00.000005 and earlier) allows remote unauthenticated attackers to reach app-facing web endpoints by sending an HTTP Authorization header whose Base64 payload is intentionally malformed, because the endpoint treats a decoding failure as a pass rather than a rejection. The CVSS 4.0 score of 10.0 (AV:N/AC:L/PR:N/UI:N with high confidentiality, integrity, availability impact on both vulnerable and subsequent systems) reflects full takeover potential against an internet-reachable consumer/SOHO router, though no public exploit identified at time of analysis.

Authentication Bypass Predator Connect W6X
NVD VulDB
EPSS 0% CVSS 8.6
HIGH This Week

Command injection in the Acer Predator Connect W6x router allows authenticated high-privilege attackers to execute arbitrary shell commands by submitting a crafted MAC address through the Wi-Fi device blocking feature. The flaw stems from insufficient input sanitization on a value that is passed to a shell context, and at the time of analysis no public exploit has been identified and the issue is not listed in CISA KEV. With a CVSS 4.0 base score of 8.6, the bug confers full confidentiality, integrity and availability impact on the device itself.

Command Injection Predator Connect W6X
NVD VulDB
EPSS 0% CVSS 8.7
HIGH This Week

Unauthenticated command execution on Acer Predator Connect W6x routers exposes the /sbin/mtk_dut debug binary on TCP port 9000, allowing any device on the LAN to issue arbitrary UCC (Unified Configuration Command) instructions without credentials. The flaw affects Predator Connect W6x firmware W6x_GBL_2.00.000005 and earlier, and at the time of analysis there is no public exploit identified, though the trivial protocol (raw TCP, no auth) makes weaponization straightforward once discovered.

Authentication Bypass Predator Connect W6X
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy