Gergo Pap

**Name of the Vulnerable Software and Affected Versions** Acer Wave 7 router (affected versions not specified) **Description** The `acer cgi.log` file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials for both web and Telnet interfaces, which can lead to unauthorized system access and full system compromise. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Acer Wave 7 router (affected versions not specified) **Description** The `upload.cgi` binary, which processes device backups, contains a hardcoded AES encryption key. This allows an attacker to decrypt, modify, and re-encrypt system backups, which can be used to facilitate persistent backdoor injection. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.