CVE-2026-49195 Acer CVE debrief

Who should care

Network administrators managing LAN-connected devices, security teams responsible for IoT and embedded device hardening, and organizations using potentially affected Acer devices should prioritize network segmentation and service auditing.

Technical summary

The /sbin/mtk_dut binary listens on TCP port 9000 without requiring authentication. A LAN-based attacker can connect to this port and issue arbitrary UCC (Unified Command and Control or device-specific command) commands, resulting in complete compromise of confidentiality, integrity, and availability with limited subsequent impact on downstream systems. The attack requires adjacent network access, no privileges, and no user interaction. The vulnerability is classified under CWE-306 for missing authentication on a critical function.

Defensive priority

HIGH

Recommended defensive actions

• Restrict network access to TCP port 9000 at the perimeter and segment boundaries to prevent unauthorized LAN-based access
• Audit devices for exposure of /sbin/mtk_dut and disable or remove the debug service if not required for operations
• Monitor network traffic for unauthorized connections to TCP port 9000 and anomalous UCC command patterns
• Apply vendor-provided firmware or configuration updates when available; verify authentication requirements for any debug interfaces
• Review device configurations to ensure debug services are not enabled in production deployments

Evidence notes

Vendor attribution derives from reference domain candidate 'Acer' with canonical source marked as reference_domain_weak and confidence low; needsReview flag is set. CVSS 4.0 vector: AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L. Weakness classified as CWE-306 (Missing Authentication for Critical Function). NVD vulnStatus: Awaiting Analysis.

Official resources