Acer Devices Upload.cgi Hardcoded AES Key Vulnerability Allowing Backup Decryption and Modification

Vulnerability

A vulnerability exists in the upload.cgi binary of certain Acer devices, where a hardcoded AES encryption key is embedded. This flaw enables an attacker to decrypt, alter, and re-encrypt system backups. Such capability could be exploited to inject a persistent backdoor into the system.

Impact

Exploitation of this vulnerability could lead to unauthorized modification of system backups and the injection of a persistent backdoor into the device.

Added: May 29, 2026, 11:17 AM

Updated: May 29, 2026, 11:17 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

0.0

relevance

9.7

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

0.0

relevance

9.7

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Acer Devices Upload.cgi Hardcoded AES Key Vulnerability Allowing Backup Decryption and Modification

Vulnerability

Impact

Affected Products

Acer upload.cgi

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating