CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-49201

The upload.cgi binary, responsible for processing device backups, contains a hardcoded AES encryption key. This allows an attacker to decrypt, modify, and re-encrypt system backups, facilitating persistent backdoor injection.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 9.2%

CVSS Severity

CVSS v3 Score 9.8

References

https://community.acer.com/en/kb/articles/19673

Products affected by CVE-2026-49201

Acer » Wave 7 » Version: N/A

cpe:2.3:h:acer:wave_7:-
Acer » Wave 7 Firmware » Version: t7c_gbl_1.01.000055

cpe:2.3:o:acer:wave_7_firmware:t7c_gbl_1.01.000055

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-49201

Products

Pricing

Contact Us