Information disclosure in Acer Wave 7 Router

CVE-2026-49200

The acer_cgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials (for web and Telnet), leading to unauthorized system access.

EPSS: 0.001 (18.7th percentile) — read the EPSS interpretation.

Affected products

Acer Wave 7 Router — versions T7c_GBL_1.01.000055

Weakness classification (CWE)

CWE-532 — Insertion of Sensitive Information into Log File

References

8fc372e3-d9c5-46e4-9410-38469745c639