Acer working to patch max severity zero-days in Wave 7 routers
Acer has disclosed two maximum-severity zero-day vulnerabilities affecting its Wave 7 mesh routers running firmware version T7c_GBL_1. 01. 000055 or earlier. The first vulnerability (CVE-2026-49200) allows unauthenticated attackers to access plaintext credentials via an exposed log file. The second vulnerability (CVE-2026-49201) involves a hardcoded AES encryption key that enables attackers to decrypt, modify, and re-encrypt system backups, facilitating persistent backdoor access. Acer is actively working on firmware updates to address these issues, targeting a fix release by the end of June 2026. Until patches are available, users are advised to disable remote management or restrict remote access to trusted IP addresses. No known exploits in the wild have been reported yet.
AI Analysis
Technical Summary
Two critical zero-day vulnerabilities affect Acer Wave 7 mesh routers with firmware T7c_GBL_1.01.000055 or earlier. CVE-2026-49200 is a broken access control flaw exposing the acer_cgi.log file without authentication, leaking cleartext login credentials for web and Telnet access. CVE-2026-49201 is due to a hardcoded AES key in the upload.cgi binary, allowing attackers to manipulate device backups to inject persistent backdoors. Acer has confirmed these issues and is developing firmware updates scheduled for release by the end of June 2026. Until then, mitigation involves disabling remote management or limiting remote access to trusted IPs.
Potential Impact
Successful exploitation of CVE-2026-49200 can lead to unauthorized system access by exposing plaintext credentials, potentially allowing attackers to control the router. CVE-2026-49201 enables attackers to maintain persistent backdoor access by decrypting and modifying system backups, which could compromise the integrity and security of the device. These vulnerabilities pose significant risks to device confidentiality, integrity, and availability. No evidence of active exploitation has been reported so far.
Mitigation Recommendations
Acer is actively developing official firmware updates to fix these vulnerabilities, with a planned release by the end of June 2026. Users should apply these updates immediately once available. Until patches are released, Acer strongly recommends disabling remote management features or restricting remote access to trusted IP addresses to reduce exposure. Following these vendor-provided mitigation steps is critical to minimizing risk.
Acer working to patch max severity zero-days in Wave 7 routers
Description
Acer has disclosed two maximum-severity zero-day vulnerabilities affecting its Wave 7 mesh routers running firmware version T7c_GBL_1. 01. 000055 or earlier. The first vulnerability (CVE-2026-49200) allows unauthenticated attackers to access plaintext credentials via an exposed log file. The second vulnerability (CVE-2026-49201) involves a hardcoded AES encryption key that enables attackers to decrypt, modify, and re-encrypt system backups, facilitating persistent backdoor access. Acer is actively working on firmware updates to address these issues, targeting a fix release by the end of June 2026. Until patches are available, users are advised to disable remote management or restrict remote access to trusted IP addresses. No known exploits in the wild have been reported yet.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Two critical zero-day vulnerabilities affect Acer Wave 7 mesh routers with firmware T7c_GBL_1.01.000055 or earlier. CVE-2026-49200 is a broken access control flaw exposing the acer_cgi.log file without authentication, leaking cleartext login credentials for web and Telnet access. CVE-2026-49201 is due to a hardcoded AES key in the upload.cgi binary, allowing attackers to manipulate device backups to inject persistent backdoors. Acer has confirmed these issues and is developing firmware updates scheduled for release by the end of June 2026. Until then, mitigation involves disabling remote management or limiting remote access to trusted IPs.
Potential Impact
Successful exploitation of CVE-2026-49200 can lead to unauthorized system access by exposing plaintext credentials, potentially allowing attackers to control the router. CVE-2026-49201 enables attackers to maintain persistent backdoor access by decrypting and modifying system backups, which could compromise the integrity and security of the device. These vulnerabilities pose significant risks to device confidentiality, integrity, and availability. No evidence of active exploitation has been reported so far.
Mitigation Recommendations
Acer is actively developing official firmware updates to fix these vulnerabilities, with a planned release by the end of June 2026. Users should apply these updates immediately once available. Until patches are released, Acer strongly recommends disabling remote management features or restricting remote access to trusted IP addresses to reduce exposure. Following these vendor-provided mitigation steps is critical to minimizing risk.
Technical Details
- Article Source
- {"url":"https://www.bleepingcomputer.com/news/security/acer-warns-of-max-severity-zero-days-affecting-wave-7-routers/","fetched":true,"fetchedAt":"2026-06-03T11:48:37.178Z","wordCount":650}
Threat ID: 6a201495e29bf47b50ae0144
Added to database: 6/3/2026, 11:48:37 AM
Last enriched: 6/3/2026, 11:48:43 AM
Last updated: 6/3/2026, 12:51:57 PM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.