CVE-2026-49200

Summary

The acer_cgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials (for web and Telnet), leading to unauthorized system access.

Affected Software

VendorProductVersion RangeStatus
AcerWave 7 routerT7c_GBL_1.01.000055 <= *affected

Weaknesses

  • CWE-532: CWE-532: Sensitive information inserted into log archives

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References