Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
10.0
CVE-2026-49200: Acer Firmware: Cleartext Login Credentials Accessible via Web Interface
CVE-2026-49200
Summary
The Acer device's firmware stores login credentials in an unprotected log file. This means unauthorized users can access sensitive information and potentially gain control of the device. Users should update their firmware to a fixed version to prevent this issue.
Original title
The acer_cgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials (for web and Telnet), leading to unauthorized...
Original description
The acer_cgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials (for web and Telnet), leading to unauthorized system access.
nvd CVSS4.0
10.0
Vulnerability type
CWE-532
Insertion of Sensitive Information into Log File
Published: 29 May 2026 · Updated: 30 May 2026 · First seen: 29 May 2026