NVD Vulnerability Detail

Search Exploit, PoC

Exploit DB

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-49201

Summary	The upload.cgi binary, responsible for processing device backups, contains a hardcoded AES encryption key. This allows an attacker to decrypt, modify, and re-encrypt system backups, facilitating persistent backdoor injection.
Publication Date	May 29, 2026, 8:16 p.m.
Registration Date	May 30, 2026, 4:14 a.m.
Last Update	May 29, 2026, 11:46 p.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://community.acer.com/en/kb/articles/19673	8fc372e3-d9c5-46e4-9410-38469745c639

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-798	ハードコードされた認証情報の使用	https://cwe.mitre.org/data/definitions/798.html