本ページは acer wave_7_firmware に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2026-49201 | The upload.cgi binary, responsible for processing device backups, contains a hardcoded AES encryption key. This allows an attacker to decrypt, modify, and re-encrypt system backups, facilitating persistent backdoor injection. | 8fc372e3-d9c5-46e4-9410-38469745c639 | 10.0 | 0.02% | 2026-05-29 | 2026-06-08 |
| CVE-2026-49200 | The acer_cgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials (for web and Telnet), leading to unauthorized system access. | 8fc372e3-d9c5-46e4-9410-38469745c639 | 10.0 | 0.05% | 2026-05-29 | 2026-06-08 |