CVE-2026-49200

UNKNOWN 0.0

Acer Wave 7 router: Broken Access Control

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

The acer_cgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials (for web and Telnet), leading to unauthorized system access.

CWE	CWE-532
Vendor	acer
Product	wave 7 router
Published	May 29, 2026
Last Updated	May 29, 2026

Stay Ahead of the Next One

Get instant alerts for acer wave 7 router

Be the first to know when new unknown vulnerabilities affecting acer wave 7 router are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Acer / Wave 7 router

T7c_GBL_1.01.000055 ≤ *

References

NVD ↗ CVE.org ↗ EPSS Data ↗

community.acer.com: https://community.acer.com/en/kb/articles/19673

Credits

🔍 Gergo Pap