CVE-2026-49200

The acer_cgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials (for web and Telnet), leading to unauthorized system access.

CVSS

No CVSS.

References

Link	Resource
https://community.acer.com/en/kb/articles/19673

Configurations

No configuration.

History

29 May 2026, 09:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-05-29 09:16

Updated : 2026-05-29 14:46

NVD link : CVE-2026-49200

Mitre link : CVE-2026-49200

CVE.ORG link : CVE-2026-49200

JSON object : View

Products Affected

No product.

CWE

CWE-532

Insertion of Sensitive Information into Log File

{"id": "CVE-2026-49200", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "8fc372e3-d9c5-46e4-9410-38469745c639", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 10.0, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-05-29T09:16:18.270", "references": [{"url": "https://community.acer.com/en/kb/articles/19673", "source": "8fc372e3-d9c5-46e4-9410-38469745c639"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "8fc372e3-d9c5-46e4-9410-38469745c639", "description": [{"lang": "en", "value": "CWE-532"}]}], "descriptions": [{"lang": "en", "value": "The acer_cgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials (for web and Telnet), leading to unauthorized system access."}], "lastModified": "2026-05-29T14:46:09.837", "sourceIdentifier": "8fc372e3-d9c5-46e4-9410-38469745c639"}

CVE-2026-49200

JSON object

Attach tags to CVE-2026-49200

Attach tags to `CVE-2026-49200`