Predator Connect W6x CVEs and Security Vulnerabilities

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-49195	1 Acer	1 Predator Connect W6x	2026-05-29	N/A
Unauthenticated Debug Service. The /sbin/mtk_dut binary is exposed on TCP port 9000 without authentication, allowing any LAN-based attacker to execute arbitrary UCC commands.
CVE-2026-49196	1 Acer	1 Predator Connect W6x	2026-05-29	N/A
The Wi-Fi device blocking feature fails to sanitize MAC address input, allowing injection and execution of arbitrary shell commands.
CVE-2026-49197	1 Acer	1 Predator Connect W6x	2026-05-29	N/A
Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests when Base64 decoding fails.
CVE-2026-49198	1 Acer	1 Predator Connect W6x	2026-05-29	N/A
Improper access control in the MQTT broker allows wildcard topic subscriptions, exposing all MQTT traffic to unauthorized actors.
CVE-2026-49199	1 Acer	1 Predator Connect W6x	2026-05-29	N/A
Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target device.

Page 1 of 1.