CVE-2026-49200
Published: 2026-05-29
Priority: P267 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.52% (40.1th percentile)
The acer_cgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials (for web and Telnet), leading to unauthorized system access.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| acer | wave_7_firmware | <= t7c_gbl_1.01.000055 | — |
| acer | wave_7_router | T7c_GBL_1.01.000055 – * | — |
Detection & IOCs (extracted from sources)
- Monitor unauthenticated HTTP GET requests to the acer_cgi.log file path on the router web interface, which would indicate exploitation of the broken access control vulnerability.
- Alert on Telnet login attempts using credentials that may have been harvested from the exposed acer_cgi.log file, particularly from external/untrusted IP addresses.
- Both CVEs are rated maximum severity and are unpatched zero-days; remote management should be disabled or restricted to trusted IPs as an interim mitigation.
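The two monitoring items above can be combined into one correlation, shown here as an added example that is not part of the original record or any vendor tooling. It assumes HTTP requests to the router are visible in combined-log-format lines from a proxy or sensor in front of it, that Telnet logins arrive in the constructed one-line format below, and that the trusted subnet, 24-hour window and `/example-dir/` path are placeholders; the page does not give the file's location, so matching is on the file name only.

```python
import re
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network
from urllib.parse import unquote, urlsplit

TRUSTED = [ip_network("192.168.1.0/24")]   # assumption: trusted management subnet
WINDOW = timedelta(hours=24)               # assumption: correlation window
HTTP_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
TELNET_RE = re.compile(r"^(\S+) telnet login (ok|fail) from (\S+)$")

HTTP_LOG = [  # constructed sample lines; documentation IPs, placeholder directory
    '203.0.113.7 - - [01/Jun/2026:10:00:00 +0000] "GET /example-dir/acer_cgi.log HTTP/1.1" 200 5120',
    '198.51.100.9 - - [01/Jun/2026:10:01:00 +0000] "GET /example-dir/acer%5Fcgi.log HTTP/1.1" 404 0',
    '192.168.1.20 - - [01/Jun/2026:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 900',
]
TELNET_LOG = [  # constructed sample lines in an assumed format
    "2026-06-01T10:05:00+00:00 telnet login ok from 203.0.113.7",
    "2026-06-01T11:00:00+00:00 telnet login ok from 192.168.1.20",
    "2026-06-03T09:00:00+00:00 telnet login fail from 203.0.113.7",
]

def is_trusted(ip):
    return any(ip_address(ip) in net for net in TRUSTED)

def log_fetches(lines):
    """GET requests whose decoded path ends in acer_cgi.log: (time, src, status)."""
    hits = []
    for m in filter(None, map(HTTP_RE.match, lines)):
        src, ts, method, target, status = m.groups()
        # Decode percent-escapes and ignore the query string before comparing.
        name = unquote(urlsplit(target).path).rsplit("/", 1)[-1].lower()
        if method == "GET" and name == "acer_cgi.log":
            hits.append((datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), src, int(status)))
    return hits

def telnet_followups(fetches, lines):
    """Telnet logins from untrusted IPs within WINDOW after a served (200) fetch."""
    served = [(t, src) for t, src, status in fetches if status == 200]
    alerts = []
    for m in filter(None, map(TELNET_RE.match, lines)):
        ts, result, src = datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)
        if not is_trusted(src) and any(timedelta(0) <= ts - t <= WINDOW for t, _ in served):
            # Third field: did the login come from an IP that fetched the log?
            alerts.append((src, result, src in {s for _, s in served}))
    return alerts

if __name__ == "__main__":
    fetches = log_fetches(HTTP_LOG)
    print(fetches, telnet_followups(fetches, TELNET_LOG), sep="\n")
```

A 200 response to the log request is what makes later Telnet logins suspect; logins from a different untrusted address are still reported, with the last field set to False, because harvested credentials need not be reused from the fetching host.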
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v4.0 | 10.0 | CRITICAL | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
No detection rules found.
No public exploits indexed.
Hackernews
⚡ Weekly Recap: Instagram Account Hacks, Android Zero-Day, GitHub Worm and More
blogs_hackernews·2026-06-08·CVSS 8.4
CVE-2025-48595 [HIGH] ⚡ Weekly Recap: Instagram Account Hacks, Android Zero-Day, GitHub Worm and More
## ⚡ Weekly Recap: Instagram Account Hacks, Android Zero-Day, GitHub Worm and More
Monday again. The weekend was meant to be quiet. It wasn't. Last week had poisoned packages, a broken AI helper, and a worm tearing through repos. The ugly part: basic tricks still worked.
A chatbot got fooled. A bot token got leaked inside the malware. The same old mistakes showed up again. And while everyone chased the loud stuff, quieter attackers sat in inboxes for months, reading mail and stealing it bit by bit.
Lots to cover. Grab coffee. Read up.
## ⚡ Threat of the Week
Miasma Worm Hits 73 Microsoft GitHub Repositories in Supply Chain
Bleepingcomputer
Acer working to patch max severity zero-days in Wave 7 routers
blogs_bleepingcomputer·2026-06-03·CVSS 10.0
CVE-2026-49200 [CRITICAL] Acer working to patch max severity zero-days in Wave 7 routers
## Acer working to patch max severity zero-days in Wave 7 routers
By Sergiu Gatlan
Acer confirmed that it's working to address two maximum-severity zero-day vulnerabilities affecting its Wave 7 mesh routers.
According to a Friday security advisory, the two security flaws were reported by security researcher Gergo Pap and affect Wave 7 routers running firmware version T7c_GBL_1.01.000055 or earlier.
The first zero-day, a broken access control vulnerability tracked as CVE-2026-49200, can allow unauthenticated attackers to remotely access plaintext credentials stored in log archives.
"The acer_cgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials (for web and Telnet), leading to unauthorized system
Published: 2026-05-29