AI description
CVE-2026-49197 is an improper authentication vulnerability affecting web endpoints within the Acer Connect app. The application does not adequately validate the HTTP Authorization header: it fails to block requests when Base64 decoding of the header fails.
- Description: Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests when Base64 decoding fails.
- Source: 8fc372e3-d9c5-46e4-9410-38469745c639
- NVD status: Awaiting Analysis
CVSS 4.0
- Type: Secondary
- Base score: 10
- Impact score: -
- Exploitability score: -
- Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity: CRITICAL
- 8fc372e3-d9c5-46e4-9410-38469745c639
- CWE-287
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 2
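Acer has fixed two vulnerabilities with a CVSS score of 10 in its Connect W6x router products. CVE-2026-49197 is an authentication bypass in the admin interface. CVE-2026-49199 is a command injection via MQTT. https://t.co/lgmkPgIkpJ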
@__kokumoto
4 Jun 2026
CVE-2026-49197 (CVSS 10.0) impacts web endpoints in the Acer Connect app due to improper Authorization header validation. If your environment uses Acer Connect, review vendor guidance and apply updates. https://t.co/rmBjiZNfjt via NVD Recent High CVSS #CyberSecurity #InfoSec ht
@ADKCyber
30 May 2026