CVE-2026-49196

HIGH

Predator Connect W6x: Web Interface Command Injection

Title source: cna
STIX 2.1

Description

The Wi-Fi device blocking feature fails to sanitize MAC address input, allowing injection and execution of arbitrary shell commands.

References (1)

Core 1

Scores

CVSS v3 7.2
EPSS 0.0040
EPSS Percentile 31.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-77
Status published
Products (2)
Acer/Predator Connect W6x W6x_GBL_2.00.000005
acer/predator_connect_w6x_firmware < w6x_gbl_2.00.000005
Published May 29, 2026
Tracked Since May 29, 2026