CVE-2026-49200 | THREATINT

Description

The acer_cgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials (for web and Telnet), leading to unauthorized system access.

PUBLISHED Reserved 2026-05-28 | Published 2026-05-29 | Updated 2026-05-29 | Assigner Acer

CRITICAL: 10.0CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Problem types

CWE-532: Sensitive information inserted into log archives

Product status

Default status

unaffected

T7c_GBL_1.01.000055 (custom)

affected

Credits

Gergo Pap reporter

References

community.acer.com/en/kb/articles/19673

cve.org (CVE-2026-49200)

nvd.nist.gov (CVE-2026-49200)

Download JSON