AI description
CVE-2026-49197 describes an improper authentication vulnerability affecting web endpoints within the Acer Connect app. The flaw stems from the application's failure to adequately validate the HTTP Authorization header. Specifically, the vulnerability occurs because the system does not block requests when Base64 decoding of the Authorization header fails. This oversight can lead to improper authentication within the Acer Connect app.
- Description: Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests when Base64 decoding fails.
- Source: 8fc372e3-d9c5-46e4-9410-38469745c639
- NVD status: Analyzed
- Products: predator_connect_w6x_firmware
CVSS 4.0
- Type: Secondary
- Base score: 10
- Impact score: -
- Exploitability score: -
- Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity: CRITICAL
CVSS 3.1
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
- 8fc372e3-d9c5-46e4-9410-38469745c639
- CWE-287
- Hype score: Not currently trending
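Acer has fixed two vulnerabilities with a CVSS score of 10 in its router product Connect W6x. CVE-2026-49197 is an authentication bypass in the admin interface. CVE-2026-49199 is a command injection via MQTT. https://t.co/lgmkPgIkpJ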
@__kokumoto
4 Jun 2026
CVE-2026-49197 (CVSS 10.0) impacts web endpoints in the Acer Connect app due to improper Authorization header validation. If your environment uses Acer Connect, review vendor guidance and apply updates. https://t.co/rmBjiZNfjt via NVD Recent High CVSS #CyberSecurity #InfoSec ht
@ADKCyber
30 May 2026
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:acer:predator_connect_w6x_firmware:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "04ACD33A-38BE-4E2A-B25C-454D7500698B",
            "versionEndIncluding": "w6x_gbl_2.00.000005",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:acer:predator_connect_w6x:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "B735B8A1-2E2F-4FFF-ABB2-84A9B4A6F15E",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]