CVE-2026-49198

Improper access control in the MQTT broker allows wildcard topic subscriptions, exposing all MQTT traffic to unauthorized actors.

medium 4.9 CVSS 3.1
Published: May 29, 2026
Modified: Jun 8, 2026
Vendor: Acer
Product: Predator Connect W6X Firmware

Description

Improper access control in the MQTT broker allows wildcard topic subscriptions, exposing all MQTT traffic to unauthorized actors.

References

Related CVEs

CVE-2026-50224 medium · 4.9
The web administration panel binds broadly to the public IPv6 address space on port [::]:8080 without default firewall limits, making internal API endpoints reachable over the WAN.
CVE-2026-50225 critical · 9.1
The registration path /v1/account/register provides no bot mitigation mechanisms, allowing malicious automated systems to flood the database.
CVE-2026-50226 medium · 5.3
Fixed AES-128-CBC keys inside the AcerConnect OTA application let attackers forge authorization credentials for arbitrary IMEI numbers. This allows unauthorized actors to list cata
CVE-2026-50214 critical · 9.8
The /v1/Plan service relies entirely on a shared global API token for full administrative management, allowing arbitrary creation of zero-cost network access plans.
CVE-2026-49201 critical · 9.8
The upload.cgi binary, responsible for processing device backups, contains a hardcoded AES encryption key. This allows an attacker to decrypt, modify, and re-encrypt system backups
CVE-2026-49200 critical · 9.8
The acer_cgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials (for web and Telnet), leadin