Description
Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target device.
Published: 2026-05-29
Score: 10 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Crafted MQTT messages can trigger command injection, allowing an attacker to execute arbitrary commands as the system user. This results in full root-level code execution on the target device, compromising the confidentiality, integrity, and availability of the system. The weakness is a classic command injection vulnerability identified as CWE‑77.

Affected Systems

Acer Predator Connect W6x wireless routers are impacted. No explicit affected firmware versions are listed, but the vendor has issued a fix in firmware version W6x_GBL_2.00.000008. Devices running earlier firmware are potentially vulnerable.

Risk and Exploitability

The CVSS score of 10 indicates a severe risk. Because no EPSS score is available, the likelihood of exploitation cannot be quantified from the data; however, the exploit requires only the ability to send MQTT messages to the device, which is a standard network-facing interface. The vulnerability is not yet listed in the CISA KEV catalog, suggesting no known active exploits, but the remote attack vector and high CVSS score make it a critical risk.

Generated by OpenCVE AI on May 29, 2026 at 10:20 UTC.

Remediation

Vendor Solution

Fixed on firmware version: W6x_GBL_2.00.000008

OpenCVE Recommended Actions

  • Upgrade the firmware to W6x_GBL_2.00.000008 or later, which contains the command injection fix.
  • Block or isolate unauthorized MQTT traffic by configuring network firewall rules or VLAN segregation to prevent unauthenticated devices from sending MQTT packets to the router.
  • If the MQTT service is not required for your deployment, disable the broker or restrict access to trusted devices only.

Generated by OpenCVE AI on May 29, 2026 at 10:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 29 May 2026 16:00:00 +0000

Type Values Removed Values Added
First Time appeared Acer
Acer predator Connect W6x
Vendors & Products Acer
Acer predator Connect W6x

Fri, 29 May 2026 11:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 29 May 2026 09:00:00 +0000

Type Values Removed Values Added
Description Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target device.
Title Predator Connect W6x: RCE via MQTT
Weaknesses CWE-77
References
Metrics cvssV4_0

{'score': 10, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}

Subscriptions

Acer Predator Connect W6x
cve-icon MITRE

Status: PUBLISHED

Assigner: Acer

Published:

Updated: 2026-05-29T10:55:30.188Z

Reserved: 2026-05-28T02:47:39.776Z

Link: CVE-2026-49199

cve-icon Vulnrichment

Updated: 2026-05-29T10:55:24.954Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-29T09:16:18.143

Modified: 2026-05-29T14:46:09.837

Link: CVE-2026-49199

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-29T15:47:15Z

Weaknesses