CVE Catalog
CVE-2026-49200
CriticalCVSS 9.8Summary
The acer_cgi.log file in the device firmware is accessible without authentication via the web interface. It contains cleartext login credentials, leading to unauthorized system access.
Risk Assessment
Access to unencrypted login credentials may allow attackers to gain control over the system, posing a serious security threat to the organization.
Recommendation
It is recommended to restrict access to the acer_cgi.log file and implement appropriate authentication mechanisms in the web interface.
Original NVD description (English source)
The acer_cgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials (for web and Telnet), leading to unauthorized system access.

