CVE 10 CRITICAL

Acer Wave 7 router: Broken Access Control_CVE-2026-49200

May 29, 2026 invoker category_cve

10 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Description

The acer_cgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials (for web and Telnet), leading to unauthorized system access.

AI Analysis

Unauthenticated access to the acer_cgi.log file, containing cleartext login credentials, allows unauthorized system access.

Basic Information

ID CVE-2026-49200

Source Acer

Published May 29, 2026 at 08:51

Affected Product

Vendor Acer

Product Wave 7 router

Version T7c_GBL_1.01.000055

Affected Versions Acer Wave 7 router T7c_GBL_1.01.000055

CWE Classification

CWE-532

AI Assessment

AI Score 10 / 10

AI Severity Critical

Vendor Acer

Product Wave 7 router

Version T7c_GBL_1.01.000055

References

community.acer.com /en/kb/articles/19673

{
    "lastseen": "",
    "description": "The acer_cgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials (for web and Telnet), leading to unauthorized system access.",
    "published": "2026-05-29T08:51:15.717Z",
    "modified": "2026-05-29T08:51:15.717Z",
    "type": "cve",
    "title": "Acer Wave 7 router: Broken Access Control",
    "source": "Acer",
    "references": "https://community.acer.com/en/kb/articles/19673",
    "id": "CVE-2026-49200",
    "bulletinFamily": "",
    "cwe": [
        "CWE-532"
    ],
    "cvelist": null,
    "sourceData": "Acer Wave 7 router T7c_GBL_1.01.000055",
    "sourceHref": "",
    "cvss": {
        "score": 10,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Wave 7 router",
    "version": "T7c_GBL_1.01.000055",
    "vendor": "Acer",
    "ai_description": "Unauthenticated access to the acer_cgi.log file, containing cleartext login credentials, allows unauthorized system access.",
    "ai_severity": "Critical",
    "ai_vendor": "Acer",
    "ai_product": "Wave 7 router",
    "ai_version": "T7c_GBL_1.01.000055",
    "ai_score": 10
}

💭 Join the Security Discussion ❌ Cancel Reply