Lucene search
K

4 matches found

Cvelist
Cvelist
added 2026/05/29 8:57 a.m.39 views

CVE-2026-49201 Acer Wave 7 router: Hardcoded Cryptographic Key

The upload.cgi binary, responsible for processing device backups, contains a hardcoded AES encryption key. This allows an attacker to decrypt, modify, and re-encrypt system backups, facilitating persistent backdoor injection...

10CVSS0.00262EPSS
Exploits0References1
CVE
CVE
added 2026/05/29 8:57 a.m.39 views

CVE-2026-49201

The CVE-2026-49201 entry concerns Acer Wave 7 routers (upload.cgi handling device backups) with a hardcoded AES encryption key. The underlying issue is a fixed cryptographic key embedded in the backup processing binary, enabling an attacker to decrypt, modify, and re-encrypt backups, which can fa...

10CVSS5.8AI score0.00262EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/29 8:51 a.m.13 views

CVE-2026-49200 Acer Wave 7 router: Broken Access Control

The acercgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials for web and Telnet, leading to unauthorized system access...

10CVSS5.8AI score0.00518EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/29 8:51 a.m.41 views

CVE-2026-49200 Acer Wave 7 router: Broken Access Control

The acercgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials for web and Telnet, leading to unauthorized system access...

10CVSS0.00518EPSS
Exploits0References1
Rows per page
Query Builder