4 matches found
CVE-2026-49201 Acer Wave 7 router: Hardcoded Cryptographic Key
The upload.cgi binary, responsible for processing device backups, contains a hardcoded AES encryption key. This allows an attacker to decrypt, modify, and re-encrypt system backups, facilitating persistent backdoor injection...
CVE-2026-49201
The CVE-2026-49201 entry concerns Acer Wave 7 routers (upload.cgi handling device backups) with a hardcoded AES encryption key. The underlying issue is a fixed cryptographic key embedded in the backup processing binary, enabling an attacker to decrypt, modify, and re-encrypt backups, which can fa...
CVE-2026-49200 Acer Wave 7 router: Broken Access Control
The acercgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials for web and Telnet, leading to unauthorized system access...
CVE-2026-49200 Acer Wave 7 router: Broken Access Control
The acercgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials for web and Telnet, leading to unauthorized system access...