CVE-2026-49199

Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target device.

critical 9.8 CVSS 3.1
Published: May 29, 2026
Modified: Jun 4, 2026
Vendor: Acer
Product: Predator Connect W6X Firmware

Description

Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target device.

References

Related CVEs

CVE-2026-50224 medium · 4.9
The web administration panel binds broadly to the public IPv6 address space on port [::]:8080 without default firewall limits, making internal API endpoints reachable over the WAN.
CVE-2026-50225 critical · 9.1
The registration path /v1/account/register provides no bot mitigation mechanisms, allowing malicious automated systems to flood the database.
CVE-2026-50226 medium · 5.3
Fixed AES-128-CBC keys inside the AcerConnect OTA application let attackers forge authorization credentials for arbitrary IMEI numbers. This allows unauthorized actors to list cata
CVE-2026-50214 critical · 9.8
The /v1/Plan service relies entirely on a shared global API token for full administrative management, allowing arbitrary creation of zero-cost network access plans.
CVE-2026-49201 critical · 9.8
The upload.cgi binary, responsible for processing device backups, contains a hardcoded AES encryption key. This allows an attacker to decrypt, modify, and re-encrypt system backups
CVE-2026-49198 medium · 4.9
Improper access control in the MQTT broker allows wildcard topic subscriptions, exposing all MQTT traffic to unauthorized actors.