Description
The Wi-Fi device blocking feature fails to sanitize MAC address input, allowing injection and execution of arbitrary shell commands.
Published: 2026-05-29
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Wi‑Fi device blocking feature does not properly sanitize MAC address input in the web interface, allowing an attacker to inject and execute arbitrary shell commands. This leads to full remote code execution, compromising confidentiality, integrity, and availability of the device.

Affected Systems

The flaw affects Acer Predator Connect W6x Wi‑Fi adapters running firmware versions older than W6x_GBL_2.00.000008.

Risk and Exploitability

With a CVSS score of 8.6, the vulnerability is high severity. The EPSS score is not available, but the absence from CISA KEV suggests no known large‑scale exploitation yet. Attackers can target the web interface by sending a crafted MAC address that escapes validation and runs shell commands, potentially taking control of the device.

Generated by OpenCVE AI on May 29, 2026 at 10:22 UTC.

Remediation

Vendor Solution

Fixed on firmware version: W6x_GBL_2.00.000008.


OpenCVE Recommended Actions

  • Update the device firmware to W6x_GBL_2.00.000008 or later, as this patch eliminates the injection flaw.
  • If an immediate firmware upgrade is not possible, restrict access to the web interface to trusted IP addresses or networks, and disable the Wi‑Fi blocking feature if that is feasible.
  • Regularly review device logs for signs of unexpected shell command execution and consider implementing network segmentation to isolate the adapter from critical infrastructure.



Advisories

No advisories yet.

History

Fri, 29 May 2026 16:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Acer; Acer predator Connect W6x
Vendors & Products | | Acer; Acer predator Connect W6x

Fri, 29 May 2026 09:00:00 +0000

Type | Values Removed | Values Added
Description | | The Wi-Fi device blocking feature fails to sanitize MAC address input, allowing injection and execution of arbitrary shell commands.
Title | | Predator Connect W6x: Web Interface Command Injection
Weaknesses | | CWE-77
References | |
Metrics | | cvssV4_0: {'score': 8.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: Acer

Published:

Updated: 2026-05-29T11:37:10.511Z

Reserved: 2026-05-28T02:47:39.776Z

Link: CVE-2026-49196

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-05-29T09:16:17.743

Modified: 2026-05-29T14:46:09.837

Link: CVE-2026-49196

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-29T15:47:23Z

Weaknesses