Back to CVE List

CVE-2026-49201

Vulnerability Description

The upload.cgi binary, responsible for processing device backups, contains a hardcoded AES encryption key. This allows an attacker to decrypt, modify, and re-encrypt system backups, facilitating persistent backdoor injection.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-798
Source
NVD
Vendor
Acer
Product
Wave 7 router

External References

Discussion (0)

Add Comment

No comments yet. Be the first!