CVE-2026-49200
10
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Summary
The acer_cgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials (for web and Telnet), leading to unauthorized system access.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Acer | Wave 7 router | T7c_GBL_1.01.000055 <= * | affected |
Weaknesses
- CWE-532: CWE-532: Sensitive information inserted into log archives
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.