Acer confirmed the critical vulnerabilities in the Wave 7 router and promised a fix until the end of June 2026.
Owners of routers Acer Wave 7 will have to closely monitor the updates. The device found two critical vulnerabilities, each received a maximum hazard rating of 10 out of 10. Acer is still preparing a patch and plans to release it by the end of June 2026. The problems affect Acer Wave 7 routers with firmware T7c_GBL_1.01.000055 and earlier versions. The company reported that the vulnerabilities were found during an independent security audit and transferred to Acer for troubleshooting.
The first vulnerability CWE-532 (CVSS:4./AV:N/AV::L/AT/NT/N:NI:NI:WI:WC/VC:H/V:H/V:H:::H/V:H::::Critical)) is associated with improper access settings. The acer_cgi.log file can be opened through the web router interface without logging in to your account. Inside the file stores logins and passwords in the open form, including data for the web interface and Telnet. If an attacker accesses such a file, the router may be completely under its control.
The second problem CWE-798 (CVSS:4.0/AV:C:N/A:F/A:F/H/A:H/C/H/C/SC/S:H/S/SA:H:H/SA:H:H/SA:H:] - 10.0 (Critical)) relates to the protection of backups of the device. In the program upload.cgi, which handles them, found a built-in AES encryption key. Because of this, the attacker can decrypt the backup, change it, encrypt it again and load back to the device. This method allows you to gain a foothold in the system and add hidden access.
Acer is already preparing a firmware update that should close both vulnerabilities. The company advises the owners of Acer Wave 7 to establish a fix immediately after the exit to reduce the risk of hacking and maintain the normal operation of the device.
You can check the update in the router control panel. To do this, you need to connect to the device by cable or Wi-Fi, open the address http://192.168.76.1 or http://acerconnect.com, log in to the administrator account, go to the system management section and select the firmware update.
During installation, Acer asks not to reload the router and not to turn off the power. If you interrupt the process, the update can be completed with an error.
Owners of routers Acer Wave 7 will have to closely monitor the updates. The device found two critical vulnerabilities, each received a maximum hazard rating of 10 out of 10. Acer is still preparing a patch and plans to release it by the end of June 2026. The problems affect Acer Wave 7 routers with firmware T7c_GBL_1.01.000055 and earlier versions. The company reported that the vulnerabilities were found during an independent security audit and transferred to Acer for troubleshooting.
The first vulnerability CWE-532 (CVSS:4./AV:N/AV::L/AT/NT/N:NI:NI:WI:WC/VC:H/V:H/V:H:::H/V:H::::Critical)) is associated with improper access settings. The acer_cgi.log file can be opened through the web router interface without logging in to your account. Inside the file stores logins and passwords in the open form, including data for the web interface and Telnet. If an attacker accesses such a file, the router may be completely under its control.
The second problem CWE-798 (CVSS:4.0/AV:C:N/A:F/A:F/H/A:H/C/H/C/SC/S:H/S/SA:H:H/SA:H:H/SA:H:] - 10.0 (Critical)) relates to the protection of backups of the device. In the program upload.cgi, which handles them, found a built-in AES encryption key. Because of this, the attacker can decrypt the backup, change it, encrypt it again and load back to the device. This method allows you to gain a foothold in the system and add hidden access.
Acer is already preparing a firmware update that should close both vulnerabilities. The company advises the owners of Acer Wave 7 to establish a fix immediately after the exit to reduce the risk of hacking and maintain the normal operation of the device.
You can check the update in the router control panel. To do this, you need to connect to the device by cable or Wi-Fi, open the address http://192.168.76.1 or http://acerconnect.com, log in to the administrator account, go to the system management section and select the firmware update.
During installation, Acer asks not to reload the router and not to turn off the power. If you interrupt the process, the update can be completed with an error.
