Inclusion of Sensitive Information in Log Files in Acer Wave 7 Router - #VU133365
Published: June 4, 2026
Vulnerability identifier: #VU133365
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: N/A
CWE-ID: CWE-532
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Acer
Affected software:
Acer Wave 7 Router
Acer Wave 7 Router
Detailed vulnerability description
The vulnerability allows a remote attacker to disclose sensitive information and gain unauthorized system access.
The vulnerability exists due to sensitive information inserted into log archives in acer_cgi.log when handling unauthenticated web interface requests. A remote attacker can access the log file and read cleartext login credentials to disclose sensitive information and gain unauthorized system access.
The exposed credentials include web and Telnet login credentials.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability. The target fix is planned for deployment by vendor by the end of June 2026.