Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-49201 | 1 Acer | 2 Wave 7, Wave 7 Firmware | 2026-06-08 | N/A | 9.8 CRITICAL |
| The upload.cgi binary, responsible for processing device backups, contains a hardcoded AES encryption key. This allows an attacker to decrypt, modify, and re-encrypt system backups, facilitating persistent backdoor injection. | |||||
| CVE-2026-49200 | 1 Acer | 2 Wave 7, Wave 7 Firmware | 2026-06-08 | N/A | 9.8 CRITICAL |
| The acer_cgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials (for web and Telnet), leading to unauthorized system access. | |||||