VYPR

Predator Connect W6x Firmware

by Acer

CVEs (5)

  • CVE-2026-49199CriMay 29, 2026
    risk 0.64cvss 9.8epss 0.01

    Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target device.

  • CVE-2026-49197CriMay 29, 2026
    risk 0.64cvss 9.8epss 0.00

    Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests when Base64 decoding fails.

  • CVE-2026-49195HigMay 29, 2026
    risk 0.57cvss 8.8epss 0.00

    Unauthenticated Debug Service. The /sbin/mtk_dut binary is exposed on TCP port 9000 without authentication, allowing any LAN-based attacker to execute arbitrary UCC commands.

  • CVE-2026-49196HigMay 29, 2026
    risk 0.47cvss 7.2epss 0.00

    The Wi-Fi device blocking feature fails to sanitize MAC address input, allowing injection and execution of arbitrary shell commands.

  • CVE-2026-49198MedMay 29, 2026
    risk 0.32cvss 4.9epss 0.00

    Improper access control in the MQTT broker allows wildcard topic subscriptions, exposing all MQTT traffic to unauthorized actors.