Acer is working on firmware updates for two critical zero-day vulnerabilities affecting its Wave 7 mesh routers. The flaws can expose router login credentials and may allow attackers to modify backups in a way that could give them persistent access to the device.

If an attacker can take control of the device, they may be able to watch traffic, redirect users to malicious websites, interfere with connected devices, or use the router as a stepping stone into the rest of the network.

Acer says the vulnerabilities affect Wave 7 routers running firmware version T7c_GBL_1.01.000055 or earlier. The company says a firmware update is being developed, with a target release by the end of June 2026. Until then, affected users should disable remote management or restrict remote access to trusted IP addresses if the router firmware allows it. (Source: bleepingcomputer.com)

Login Credentials Viewable in Plain Text

The first vulnerability involves broken access control. According to Acer's own advisory, a file called acer_cgi.log can be accessed through the router's web interface without authentication. That is a major problem because the file contains plain text login credentials for the web interface and Telnet.

In simple English, that means an attacker may be able to retrieve the router's administrative credentials without first logging in. Once those credentials are exposed, the attacker may be able to access the router as if they were the legitimate owner or administrator.

The second vulnerability involves a hardcoded AES encryption key inside the router's upload.cgi component, which is responsible for processing device backups. Acer says this may allow an attacker to decrypt, modify, and re-encrypt router backups, potentially allowing persistent backdoor access. (Source: acer.com)

Why a Router Flaw is More Dangerous Than it Sounds

Many users think of router security as a secondary concern. They update Windows, patch their phones, run antivirus software, and assume the router is fine as long as the WiFi works. That assumption is dangerous.

A compromised router can create problems that ordinary antivirus software may not detect. For example, if a router is redirecting DNS requests, a user might type the correct website address but still be sent somewhere malicious. If the router is being used to monitor or modify traffic, the user's computer may appear clean while the network itself is no longer trustworthy.

How to Check The Firmware

Acer says affected Wave 7 users can check for firmware updates by connecting to the router by WiFi or Ethernet, opening the router administration page at http://192.168.76.1 or http://acerconnect.com, logging in with administrator credentials, and going to System Management, then Firmware Update, then Check for Updates.

Users should not unplug or restart the router while a firmware update is being installed. Interrupting router firmware updates can sometimes leave the device in a broken or partially updated state, which may require a reset or recovery process.

If no update is available yet, users should not assume they are safe. Acer's own advisory says the fix is expected by the end of June 2026, meaning the affected firmware may remain in use until the update is actually released and installed.

What To Do Now

Anyone using an Acer Wave 7 router should take several immediate steps.

1. Check the firmware version. If it is T7c_GBL_1.01.000055 or earlier, treat the router as affected.
    
2. Disable remote management unless it is absolutely required.
    
3. Change the router administrator password, especially after firmware is updated.
    
4. Disable Telnet if there is an option to do so.
    
5. Users should also review connected devices and look for anything unusual. That includes unknown devices on the WiFi network, unexpected DNS settings, strange port forwarding rules, unknown administrator accounts, or router settings that appear to have changed without explanation.

After Acer releases the firmware update, users should install it promptly and then re-check the router settings. A firmware update may fix the underlying vulnerability, but it may not automatically undo changes made by an attacker if the router was already compromised.

What is Your Opinion?

Do you regularly check your router for firmware updates, or do you only think about it when the Internet stops working? Should router makers be required to provide longer security support for home networking devices? Would you replace a router after a critical flaw like this, or wait for the firmware patch?