Acer Wave 7 Router vulnerabilities
2 known vulnerabilities affecting acer/wave_7_router.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2
Vulnerabilities
Page 1 of 1
CVE-2026-49200P2CRITICALCVSS 9.8≥ T7c_GBL_1.01.000055, ≤ *2026-05-29
CVE-2026-49200 [CRITICAL] CWE-532 CVE-2026-49200: The acer_cgi.log file in the device firmware is accessible without authentication via the web interf
The acer_cgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials (for web and Telnet), leading to unauthorized system access.
nvd
CVE-2026-49201P3CRITICALCVSS 9.8≥ T7c_GBL_1.01.000055, ≤ *2026-05-29
CVE-2026-49201 [CRITICAL] CWE-798 CVE-2026-49201: The upload.cgi binary, responsible for processing device backups, contains a hardcoded AES encryptio
The upload.cgi binary, responsible for processing device backups, contains a hardcoded AES encryption key. This allows an attacker to decrypt, modify, and re-encrypt system backups, facilitating persistent backdoor injection.
nvd