AI description
CVE-2026-49199 describes a command injection vulnerability found in Acer Predator Connect W6x devices, specifically impacting versions up to W6x_GBL_2.00.000005. This flaw resides within the MQTT Handler component of the affected product. The vulnerability allows for root-level code execution on the target device when specially crafted MQTT messages are processed. The weakness was disclosed by rethesis, and Acer Inc. is identified as the CNA (CVE Numbering Authority) for this issue.
- Description: Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target device.
- Source: 8fc372e3-d9c5-46e4-9410-38469745c639
- NVD status: Awaiting Analysis
CVSS 4.0
- Type: Secondary
- Base score: 10
- Impact score: -
- Exploitability score: -
- Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity: CRITICAL
- 8fc372e3-d9c5-46e4-9410-38469745c639
- CWE-77
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 2
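Acer has fixed two vulnerabilities with a CVSS score of 10 in its Connect W6x router product. CVE-2026-49197 is an authentication bypass in the administration interface. CVE-2026-49199 is a command injection via MQTT. https://t.co/lgmkPgIkpJ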
@__kokumoto
4 Jun 2026
835 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
1 Quote
New critical CVE-2026-49199 (CVSS 10.0) allows root code execution via crafted MQTT messages. Organizations using MQTT-enabled devices should review the NVD entry and apply patches once available. https://t.co/lbTFBQGB5B https://t.co/JWMuOSpE5J via NVD Recent High CVSS https://t
@ADKCyber
30 May 2026
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes