Skip to main content
Mallory
Back to vulnerabilities
Critical

Unauthenticated Credential Exposure via acer_cgi.log in Acer Wave 7 Routers

IdentifiersCVE-2026-49200CWE-532· Insertion of Sensitive Information…

CVE-2026-49200 is a broken access control issue in Acer device firmware affecting Wave 7 mesh routers running firmware T7c_GBL_1.01.000055 and earlier. The vulnerability exposes the internal acer_cgi.log file through the web interface without authentication. According to the provided content, this log file contains cleartext login credentials for both the web management interface and Telnet access. Because the file can be retrieved remotely without identity checks, an unauthenticated attacker can obtain valid administrative credentials directly from the device and then use them to access the router.

Share:
For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial
ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation results in disclosure of cleartext administrative credentials for the router’s web and Telnet interfaces. With those credentials, an unauthenticated remote attacker can gain unauthorized system access and potentially take control of the affected device. The resulting compromise has high confidentiality impact due to credential disclosure and can also lead to integrity and availability impact through authenticated administrative access.

Mitigation

If you can’t patch tonight, do this now.

Until patched firmware is available, disable remote management where possible. If remote administration must remain enabled, restrict Internet-facing access to trusted IP addresses only, as advised by Acer. More generally, limit exposure of the web management interface, disable Telnet if not required, and monitor for unauthorized administrative access using potentially exposed credentials.

Remediation

Patch, then assume compromise.

Apply Acer firmware updates that address CVE-2026-49200 when they become available. The provided content states that Acer planned firmware fixes for Wave 7 devices by the end of June 2026. Affected systems are firmware version T7c_GBL_1.01.000055 and earlier, so administrators should upgrade to the vendor-fixed release as soon as it is published.
PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType
AcerDevice Firmwarehardware

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

7 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

7 SOURCESView more in app
scworldNews
Jun 3, 2026
Acer addresses critical zero-day vulnerabilities in Wave 7 routers | brief | SC Media

A broken access control vulnerability in Acer Wave 7 mesh router firmware that allows unauthenticated attackers to access plaintext credentials from log archives.

Read more
security online infoNews
Jun 3, 2026
Acer Router Security Flaws: Perfect 10.0 CVSS Scores

An access control vulnerability in Acer Wave 7 router firmware that allows an unauthenticated attacker to read an exposed internal log file containing cleartext administrative credentials, enabling device compromise.

Read more
bleeping computerNews
Jun 3, 2026
Acer working to patch max severity zero-days in Wave 7 routers

A maximum-severity broken access control vulnerability in Acer Wave 7 mesh routers that exposes plaintext web and Telnet credentials via an unauthenticated web-accessible log file.

Read more
cvefeed high severityNews
May 29, 2026
CVE-2026-49200 - Acer Wave 7 router: Broken Access Control

An information disclosure vulnerability in device firmware where the acer_cgi.log file is accessible without authentication via the web interface, exposing cleartext web and Telnet credentials and enabling unauthorized system access.

Read more
What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.
Start free trial
Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity3

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES
MITRE CVE
cve.org · CVE-2026-49200
NVD
nvd.nist.gov/vuln/detail/CVE-2026-49200
MITRE CWE · CWE-532
Insertion of Sensitive Information into Log File
community.acer.com
community.acer.com/en/kb/articles/19673