This vulnerability affects the Acer Predator Connect W6x device running firmware version W6x_GBL_2.00.000005. The /sbin/mtk_dut binary is accessible via TCP port 9000 without any authentication mechanism, enabling an unauthenticated attacker on the same LAN to execute arbitrary UCC commands. This represents a missing authentication control (CWE-306) that could lead to significant device compromise. The CVSS 4.0 base score is 8.7, reflecting high severity with attack vector limited to adjacent network, low attack complexity, no privileges or user interaction required, and high impact on confidentiality, integrity, and availability. There is no vendor-provided patch or remediation level indicated.

An attacker with access to the local network can exploit this vulnerability to execute arbitrary commands on the affected device without authentication. This can lead to unauthorized control over the device, potentially compromising confidentiality, integrity, and availability of the system. Given the high CVSS score and the nature of the vulnerability, the impact is significant for devices exposed on LAN environments.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, network administrators should restrict access to TCP port 9000 on affected devices to trusted hosts only, ideally by network segmentation or firewall rules. Monitoring for unusual activity on this port may help detect exploitation attempts. No official vendor mitigation or patch is currently available.