Critical severity9.8NVD Advisory· Published May 29, 2026· Updated Jun 8, 2026
CVE-2026-49200
CVE-2026-49200
Description
The acer_cgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials (for web and Telnet), leading to unauthorized system access.
Affected products
2Patches
Vulnerability mechanics
References
1- community.acer.com/en/kb/articles/19673nvdVendor Advisory
News mentions
2- ⚡ Weekly Recap: Instagram Account Hacks, Android Zero-Day, GitHub Worm and MoreThe Hacker News · Jun 8, 2026
- Acer working to patch max severity zero-days in Wave 7 routersBleepingComputer · Jun 3, 2026