A critical security alert has been issued regarding vulnerabilities in Acer's Connect W6x devices. The advisories highlight urgent firmware updates due to two serious flaws: CVE-2026-49197, which allows authentication bypass through poor HTTP handling, and CVE-2026-49199, a command injection vulnerability affecting the MQTT broker. Both issues have a CVSS severity rating of 10.0, necessitating immediate action from users to patch their devices.
The firmware update also addresses three additional high-severity vulnerabilities. Users are recommended to update to version W6x_GBL_2.00.000008 or later for optimal security.