Description
Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target device.
Published: 2026-05-29
Score: 10 Critical
EPSS: 1.6% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Crafted MQTT messages can trigger command injection, allowing an attacker to execute arbitrary commands as the system user. This results in full root-level code execution on the target device, compromising the confidentiality, integrity, and availability of the system. The weakness is a classic command injection vulnerability identified as CWE‑77.

Affected Systems

Acer Predator Connect W6x wireless routers are impacted. No explicit affected firmware versions are listed, but the vendor has issued a fix in firmware version W6x_GBL_2.00.000008. Devices running earlier firmware are potentially vulnerable.

Risk and Exploitability

The CVSS score of 10 indicates a severe risk. The EPSS score of 2% indicates a low but non-zero probability of exploitation; however, the exploit requires only the ability to send MQTT messages to the device, which is a standard network-facing interface. The vulnerability is not yet listed in the CISA KEV catalog, suggesting no known active exploits, but the remote attack vector and high CVSS score make it a critical risk.

Generated by OpenCVE AI on June 18, 2026 at 07:28 UTC.

Remediation

Vendor Solution

Fixed on firmware version: W6x_GBL_2.00.000008

OpenCVE Recommended Actions

  • Upgrade the firmware to W6x_GBL_2.00.000008 or later, which contains the command injection fix.
  • Block or isolate unauthorized MQTT traffic by configuring network firewall rules or VLAN segregation to prevent unauthenticated devices from sending MQTT packets to the router.
  • If the MQTT service is not required for your deployment, disable the broker or restrict access to trusted devices only.

Generated by OpenCVE AI on June 18, 2026 at 07:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 04 Jun 2026 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Acer predator Connect W6x Firmware
CPEs cpe:2.3:h:acer:predator_connect_w6x:-:*:*:*:*:*:*:*
cpe:2.3:o:acer:predator_connect_w6x_firmware:*:*:*:*:*:*:*:*
Vendors & Products Acer predator Connect W6x Firmware
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Fri, 29 May 2026 16:00:00 +0000

Type Values Removed Values Added
First Time appeared Acer
Acer predator Connect W6x
Vendors & Products Acer
Acer predator Connect W6x

Fri, 29 May 2026 11:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 29 May 2026 09:00:00 +0000

Type Values Removed Values Added
Description Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target device.
Title Predator Connect W6x: RCE via MQTT
Weaknesses CWE-77
References
Metrics cvssV4_0

{'score': 10, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}

Subscriptions

Acer Predator Connect W6x Predator Connect W6x Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: Acer

Published:

Updated: 2026-05-29T10:55:30.188Z

Reserved: 2026-05-28T02:47:39.776Z

Link: CVE-2026-49199

cve-icon Vulnrichment

Updated: 2026-05-29T10:55:24.954Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-29T09:16:18.143

Modified: 2026-06-04T19:44:34.333

Link: CVE-2026-49199

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T07:30:05Z

Weaknesses
  • CWE-77

    Improper Neutralization of Special Elements used in a Command ('Command Injection')