Archive: https://archive.today/2dyJ8
From the post:
>Acer confirmed that it's working to address two maximum-severity zero-day vulnerabilities affecting its Wave 7 mesh routers.
According to a Friday security advisory, the two security flaws were reported by security researcher Gergo Pap and affect Wave 7 routers running firmware version T7c_GBL_1.01.000055 or earlier.
The first zero-day, a broken access control vulnerability tracked as CVE-2026-49200, can allow unauthenticated attackers to remotely access plaintext credentials stored in log archives.
"The acer_cgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials (for web and Telnet), leading to unauthorized system access," Acer explained.
Archive: https://archive.today/2dyJ8
From the post:
>>Acer confirmed that it's working to address two maximum-severity zero-day vulnerabilities affecting its Wave 7 mesh routers.
According to a Friday security advisory, the two security flaws were reported by security researcher Gergo Pap and affect Wave 7 routers running firmware version T7c_GBL_1.01.000055 or earlier.
The first zero-day, a broken access control vulnerability tracked as CVE-2026-49200, can allow unauthenticated attackers to remotely access plaintext credentials stored in log archives.
"The acer_cgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials (for web and Telnet), leading to unauthorized system access," Acer explained.
