Acer Predator Connect W6X vulnerabilities
5 known vulnerabilities affecting acer/predator_connect_w6x.
Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH2MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2026-49199P2CRITICALCVSS 9.8≥ W6x_GBL_2.00.000005, ≤ *2026-05-29
CVE-2026-49199 [CRITICAL] CWE-77 CVE-2026-49199: Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the t
Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target device.
nvd
CVE-2026-49195P2HIGHCVSS 8.8≥ W6x_GBL_2.00.000005, ≤ *2026-05-29
CVE-2026-49195 [HIGH] CWE-306 CVE-2026-49195: Unauthenticated Debug Service. The /sbin/mtk_dut binary is exposed on TCP port 9000 without authenti
Unauthenticated Debug Service. The /sbin/mtk_dut binary is exposed on TCP port 9000 without authentication, allowing any LAN-based attacker to execute arbitrary UCC commands.
nvd
CVE-2026-49197P3CRITICALCVSS 9.8≥ W6x_GBL_2.00.000005, ≤ *2026-05-29
CVE-2026-49197 [CRITICAL] CWE-287 CVE-2026-49197: Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, f
Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests when Base64 decoding fails.
nvd
CVE-2026-49196P3HIGHCVSS 7.2≥ W6x_GBL_2.00.000005, ≤ *2026-05-29
CVE-2026-49196 [HIGH] CWE-77 CVE-2026-49196: The Wi-Fi device blocking feature fails to sanitize MAC address input, allowing injection and execut
The Wi-Fi device blocking feature fails to sanitize MAC address input, allowing injection and execution of arbitrary shell commands.
nvd
CVE-2026-49198P4MEDIUMCVSS 4.9≥ W6x_GBL_2.00.000005, ≤ *2026-05-29
CVE-2026-49198 [MEDIUM] CWE-284 CVE-2026-49198: Improper access control in the MQTT broker allows wildcard topic subscriptions, exposing all MQTT tr
Improper access control in the MQTT broker allows wildcard topic subscriptions, exposing all MQTT traffic to unauthorized actors.
nvd