This page lists publicly disclosed CVE vulnerabilities affecting acer wave_7_firmware (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-49201 | The upload.cgi binary, responsible for processing device backups, contains a hardcoded AES encryption key. This allows an attacker to decrypt, modify, and re-encrypt system backups, facilitating persistent backdoor injection. | 8fc372e3-d9c5-46e4-9410-38469745c639 | 10.0 | 0.02% | 2026-05-29 | 2026-06-08 |
| CVE-2026-49200 | The acer_cgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials (for web and Telnet), leading to unauthorized system access. | 8fc372e3-d9c5-46e4-9410-38469745c639 | 10.0 | 0.05% | 2026-05-29 | 2026-06-08 |