CVE Catalog

CVE-2026-49200

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Summary

The acer_cgi.log file in the device firmware is accessible without authentication via the web interface. It contains cleartext login credentials, leading to unauthorized system access.

Risk Assessment

Access to unencrypted login credentials may allow attackers to gain control over the system, posing a serious security threat to the organization.

Recommendation

It is recommended to restrict access to the acer_cgi.log file and implement appropriate authentication mechanisms in the web interface.

Original NVD description (English source)

The acer_cgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials (for web and Telnet), leading to unauthorized system access.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS