Acer Predator Connect W6x Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Acer Predator Connect W6x Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2026-49197 — CVSS 9.8 (critical): Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests when Base64…
CVE-2026-49199 — CVSS 9.8 (critical): Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target device.
CVE-2026-49195 — CVSS 8.8 (high): Unauthenticated Debug Service. The /sbin/mtk_dut binary is exposed on TCP port 9000 without authentication, allowing any LAN-based attacker…
CVE-2026-49196 — CVSS 7.2 (high): The Wi-Fi device blocking feature fails to sanitize MAC address input, allowing injection and execution of arbitrary shell commands.
CVE-2026-49198 — CVSS 4.9 (medium): Improper access control in the MQTT broker allows wildcard topic subscriptions, exposing all MQTT traffic to unauthorized actors.