CVE-2026-49201
Vulnerability Description
The upload.cgi binary, responsible for processing device backups, contains a hardcoded AES encryption key. This allows an attacker to decrypt, modify, and re-encrypt system backups, facilitating persistent backdoor injection.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-798
Source
NVD
Vendor
Acer
Product
Wave 7 router
Discussion (0)
Add Comment
No comments yet. Be the first!