Every CVE whose affected-product data names Acer Wave 7 Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2026-49200 — CVSS 9.8 (critical): The acer_cgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login…
CVE-2026-49201 — CVSS 9.8 (critical): The upload.cgi binary, responsible for processing device backups, contains a hardcoded AES encryption key. This allows an attacker to…