Unauthorized Access Risk in Acer Device Firmware Due to Log File Exposure
CVE-2026-49200

10CRITICAL

Key Information:

Vendor: Acer
Status: Wave 7 Router
Vendor: CVE Published:; 29 May 2026

What is CVE-2026-49200?

A significant security issue has been identified in Acer device firmware that allows unauthorized access to the acer_cgi.log file via the web interface without authentication. This file contains sensitive login credentials in cleartext for both web and Telnet interfaces, potentially granting unauthorized users access to the system. Organizations using affected Acer firmware versions are urged to secure their devices and review their security practices.

Affected Version(s)

Wave 7 router Windows T7c_GBL_1.01.000055

References

https://community.acer.com/en/kb/articles/19673

CVSS V4

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 29, 2026
Vulnerability Reserved
May 28, 2026

Credit

Gergo Pap

CVE-2026-49200 Data

JSON