Acer Predator Connect W6x
5 CVEs affecting Acer Predator Connect W6x. Latest disclosed: 2026-05-29. Critical: 1, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-49199 | Critical | 9.8 | 2026-05-29 | Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target device. |
CVE-2026-49198 | | 2026-05-29 | Improper access control in the MQTT broker allows wildcard topic subscriptions, exposing all MQTT traffic to unauthorized actors. | |
CVE-2026-49197 | | 2026-05-29 | Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests when Base64 decoding fails. | |
CVE-2026-49196 | | 2026-05-29 | The Wi-Fi device blocking feature fails to sanitize MAC address input, allowing injection and execution of arbitrary shell commands. | |
CVE-2026-49195 | | 2026-05-29 | Unauthenticated Debug Service. The /sbin/mtk_dut binary is exposed on TCP port 9000 without authentication, allowing any LAN-based attacker to execute arbitrar… |