AI description
CVE-2026-49199 describes a command injection vulnerability found in Acer Predator Connect W6x devices, specifically impacting versions up to W6x_GBL_2.00.000005. This flaw resides within the MQTT Handler component of the affected product. The vulnerability allows for root-level code execution on the target device when specially crafted MQTT messages are processed. The weakness was disclosed by rethesis, and Acer Inc. is identified as the CNA (CVE Numbering Authority) for this issue.
- Description
- Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target device.
- Source
- 8fc372e3-d9c5-46e4-9410-38469745c639
- NVD status
- Analyzed
- Products
- predator_connect_w6x_firmware
CVSS 4.0
- Type
- Secondary
- Base score
- 10
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- CRITICAL
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- 8fc372e3-d9c5-46e4-9410-38469745c639
- CWE-77
- Hype score
- Not currently trending
Acerがルータ製品Connect W6xにおけるCVSSスコア10の脆弱性2件を修正。CVE-2026-49197は管理画面の認証回避。CVE-2026-49199はMQTTでのコマンドインジェクション。 https://t.co/lgmkPgIkpJ
@__kokumoto
4 Jun 2026
1770 Impressions
1 Retweet
4 Likes
2 Bookmarks
1 Reply
1 Quote
New critical CVE-2026-49199 (CVSS 10.0) allows root code execution via crafted MQTT messages. Organizations using MQTT-enabled devices should review the NVD entry and apply patches once available. https://t.co/lbTFBQGB5B https://t.co/JWMuOSpE5J via NVD Recent High CVSS https://t
@ADKCyber
30 May 2026
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:acer:predator_connect_w6x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04ACD33A-38BE-4E2A-B25C-454D7500698B",
"versionEndIncluding": "w6x_gbl_2.00.000005",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:acer:predator_connect_w6x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B735B8A1-2E2F-4FFF-ABB2-84A9B4A6F15E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
]