Acer Connect M6e 5g Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Acer Connect M6e 5g Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (26)
CVE-2026-49185 — CVSS 9.8 (critical): The FieldX MDM adb messaging topic passes unverified payloads directly into Runtime.exec(), allowing command/instruction injection.
CVE-2026-49186 — CVSS 9.8 (critical): The local MQTT broker does not enforce topic-level Access Control Lists (ACLs). This allows any client to subscribe using wildcard…
CVE-2026-49188 — CVSS 9.8 (critical): The ai_cmd utility executes with full root permissions. It pipes socket inputs directly to popen(), paving the way for unauthenticated…
CVE-2026-50214 — CVSS 9.8 (critical): The /v1/Plan service relies entirely on a shared global API token for full administrative management, allowing arbitrary creation of…
CVE-2026-49191 — CVSS 9.8 (critical): The production build of the M3WebServer hard-codes its backend API keys, which can be easily intercepted through verbose error handling…
CVE-2026-50208 — CVSS 9.4 (critical): High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-coded DES symmetric encryption keys, a…
CVE-2026-50225 — CVSS 9.1 (critical): The registration path /v1/account/register provides no bot mitigation mechanisms, allowing malicious automated systems to flood the…
CVE-2026-49194 — CVSS 8.8 (high): The debugging routine SCREEN_CLICK(5053) enables a connection to skip the standard device login prompt entirely and directly enter an…
CVE-2026-49190 — CVSS 8.8 (high): The system fails to evaluate instructional permissions over multiple internal operation codes (opcodes), permitting unauthorized…
CVE-2026-49202 — CVSS 8.6 (high): Internal multimedia session archives are accessible without authentication, exacerbated by loose Cross-Origin Resource Sharing (CORS) rules…
CVE-2026-49203 — CVSS 8.3 (high): Crucial management API endpoints for cellular eSIM allocation do not validate caller authorization, allowing remote profiles to be…
CVE-2026-50205 — CVSS 8.2 (high): System log files output unencrypted SMTP server authentication passwords alongside sensitive employee corporate identification data.
CVE-2026-49189 — CVSS 7.8 (high): Unchecked public access permissions on a core Broadcast Receiver allow unauthorized local software components to invoke administrative…
CVE-2026-50209 — CVSS 7.8 (high): Broadcast events allow malicious software to rewrite the device's default Mobile Device Management (MDM) endpoint address, shifting…
CVE-2026-50207 — CVSS 7.8 (high): The system Binder boundary accepts unverified pass-through AT commands, giving local applications the power to read baseband files or…
CVE-2026-50210 — CVSS 7.5 (high): The device encrypts data using AES-CBC with static zero-filled Initialization Vectors (IVs), making it susceptible to replay attacks and…
CVE-2026-49193 — CVSS 7.5 (high): Overly permissive configuration settings on cloud storage containers expose active telemetry information publicly to the internet.
CVE-2026-49187 — CVSS 7.5 (high): The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misuse.
CVE-2026-50213 — CVSS 7.5 (high): The account validation endpoint /v1/User/validate returns comprehensive user profile data sheets, which can be crawled by iterating…
CVE-2026-50206 — CVSS 6.8 (medium): Incoming VPN network profile settings fail to process special characters safely, enabling command injection via malicious config files.
CVE-2026-50212 — CVSS 6.5 (medium): Weak validation logic within device dissociation API routines allows a remote entity to forcefully unbind unrelated user endpoints, causing…
CVE-2026-49204 — CVSS 6.5 (medium): Leftover debug modules contain fixed credentials for internal AWS Cognito test sandboxes, risking asset exploitation.
CVE-2026-49192 — CVSS 5.4 (medium): The summary service endpoint suffers from an IDOR vulnerability where it fails to verify user ownership of hardware serial numbers…
CVE-2026-50226 — CVSS 5.3 (medium): Fixed AES-128-CBC keys inside the AcerConnect OTA application let attackers forge authorization credentials for arbitrary IMEI numbers…
CVE-2026-50224 — CVSS 4.9 (medium): The web administration panel binds broadly to the public IPv6 address space on port [::]:8080 without default firewall limits, making…