Wave 7 Router
Hardcoded AES encryption key in the upload.cgi binary of the Acer Wave 7 router (firmware T7c_GBL_1.01.000055 and earlier) allows remote unauthenticated attackers to decrypt, tamper with, and re-encrypt device backup files, enabling persistent backdoor injection on affected devices. The CVSS 4.0 score of 10.0 reflects full compromise of confidentiality, integrity, and availability of both the vulnerable component and downstream subsequent systems. No public exploit was identified at the time of analysis, and CISA SSVC reports the exploitation status as 'none', though the issue is flagged as automatable with total technical impact.
Credential disclosure in the Acer Wave 7 router (firmware T7c_GBL_1.01.000055 and earlier) exposes the acer_cgi.log file over the web interface without authentication, leaking cleartext web and Telnet login credentials to any network-reachable attacker. With a CVSS 4.0 score of 10.0 and a vector indicating no privileges or user interaction required, exploitation enables full device takeover. No public exploit was identified at the time of analysis, but the trivial nature of fetching a log file makes weaponization straightforward.