
Acer Connect M6E CVE-2026-49186

EUVD: EUVD-2026-34200 · HIGH
Improper Authentication (CWE-287)
2026-06-04 Acer GHSA-vvpf-h42q-v96v
8.6
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
8.6 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: X

Lifecycle Timeline (3 events)

Analysis Generated: Jun 04, 2026 - 06:15 (vuln.today)
CVSS changed: Jun 04, 2026 - 04:22 (NVD), 8.6 (HIGH)
CVE Published: Jun 04, 2026 - 03:36 (NVD), UNKNOWN (no severity yet)

Description (CVE.org)

The local MQTT broker does not enforce topic-level Access Control Lists (ACLs). This allows any client to subscribe using wildcard characters (# or +) to enumerate hidden network devices or publish rogue control commands.

Analysis (AI)

Authentication bypass on the local MQTT broker of the Acer Connect M6E 5G Portable WiFi Router (firmware M6E_AI_1.00.000019 and earlier) allows any connected client to subscribe with wildcard topics (# or +) and either enumerate hidden network devices or publish rogue control commands. CVSS 4.0 rates this 8.6 (High) with network attack vector and high confidentiality/integrity/availability impact; no public exploit identified at time of analysis and the issue is not in CISA KEV.
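What topic-level ACL enforcement looks like at a broker's authorization hook, as an added example (not Acer's code or the router's actual broker); the client IDs, topic names and ACL table are constructed for illustration. A SUBSCRIBE filter has to be wholly contained in a granted pattern, so `#` or `+` is refused unless the ACL itself grants that breadth, and anything not listed is denied.

```python
# Constructed ACL: client id -> [(granted topic pattern, access)]. Hypothetical names.
ACL = {
    "thermostat-app": [("home/thermostat/+/state", "read"),
                       ("home/thermostat/+/set", "write")],
    "admin-ui": [("#", "read")],
}

def valid_filter(f):
    """MQTT rule: '#' only as the whole last level, '+' only as a whole level."""
    levels = f.split("/")
    if not f:
        return False
    for i, lv in enumerate(levels):
        if "#" in lv and (lv != "#" or i != len(levels) - 1):
            return False
        if "+" in lv and lv != "+":
            return False
    return True

def filter_within(requested, allowed):
    """True if every topic matched by `requested` is also matched by `allowed`."""
    req, alw = requested.split("/"), allowed.split("/")
    # A leading wildcard never covers '$'-prefixed (broker-internal) topics.
    if req[0].startswith("$") and alw[0] in ("#", "+"):
        return False
    for i, a in enumerate(alw):
        if a == "#":
            return True              # grant covers this level and everything below
        if i >= len(req) or req[i] == "#":
            return False             # request is shorter or broader than the grant
        if a != "+" and req[i] != a:
            return False             # '+' against a literal, or literals differ
    return len(req) == len(alw)

def authorize(client, action, topic):
    """action is 'subscribe' (topic may be a filter) or 'publish' (literal only)."""
    if action == "publish" and ("#" in topic or "+" in topic):
        return False
    if not valid_filter(topic):
        return False
    need = "read" if action == "subscribe" else "write"
    # Default deny: unknown clients and unlisted topics get nothing.
    return any(acc == need and filter_within(topic, pat)
               for pat, acc in ACL.get(client, ()))
```
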


Attack Chain (AI, derived)

Hypothetical attack flow derived from CVE metadata

Recon: Join router's Wi-Fi network
Delivery: Discover local MQTT broker port
Exploit: Connect to broker without ACL check
Install: Subscribe with wildcard topic #
C2: Enumerate devices and capture control traffic
Execute: Publish rogue control commands
Impact: Manipulate router or attached devices

Vulnerability Assessment (AI)

Exploitation: The attacker must be able to reach the local MQTT broker on the Acer Connect M6E 5G Portable WiFi Router - in practice this means being associated with the router's Wi-Fi network (or any LAN segment where the broker port is reachable). …

Risk Assessment: The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:H/UI:N, VC:H/VI:H/VA:H, SC:N/SI:N/SA:N) describes a network-reachable, low-complexity attack with no user interaction but requiring high privileges, and impact contained to the vulnerable component. …

Exploit Scenario: An attacker joins the M6E's Wi-Fi (e.g. as a guest, or after obtaining the PSK), connects to the local MQTT broker, and issues a wildcard subscription such as 'SUBSCRIBE #' to enumerate every connected device, sensor reading, and control topic on the router's internal bus. …

Remediation: No vendor-released patch version is identified in the available data; the only reference is the Acer community knowledge-base article at https://community.acer.com/en/kb/articles/19707, which should be consulted for the latest firmware bulletin and applied as soon as Acer ships a build later than M6E_AI_1.00.000019. …

Recommended Action (AI)

Within 24 hours: Identify all Acer Connect M6E 5G routers in your environment and verify firmware version M6E_AI_1.00.000019 or earlier; restrict network access to the router to authorized clients only. …


CVE-2026-49185 CRITICAL
10.0 Jun 04

Unauthenticated remote command injection in Acer Connect M6E 5G Portable WiFi Router (firmware ≤ M6E_AI_1.00.000019) all

CVE-2026-49190 CRITICAL
9.4 Jun 04

Command injection in the Acer Connect M6E 5G Portable WiFi Router allows authenticated remote attackers to install arbit

CVE-2026-49194 CRITICAL
9.4 Jun 04

Authentication bypass in the Acer Connect M6E 5G Portable WiFi Router allows low-privileged remote attackers to reach a

CVE-2026-49191 CRITICAL
9.3 Jun 04

Authentication bypass in the Acer Connect M6E 5G Portable WiFi Router's M3WebServer production build exposes hard-coded

CVE-2026-50214 CRITICAL
9.3 Jun 04

Authentication bypass in the Acer Connect M6E 5G Portable WiFi Router (firmware ≤ M6E_AI_1.00.000019) allows remote atta

CVE-2026-50209 CRITICAL
9.3 Jun 04

Privilege escalation via MDM endpoint hijack in the Acer Connect M6E 5G Portable WiFi Router (firmware ≤M6E_AI_1.00.0000

CVE-2026-50208 CRITICAL
9.2 Jun 04

Cryptographic weaknesses in the Acer Connect M6E 5G Portable WiFi Router (firmware versions through M6E_AI_1.00.000019)

CVE-2026-50205 HIGH
8.8 Jun 04

Sensitive information disclosure in the Acer Connect M6E 5G Portable WiFi Router exposes cleartext SMTP authentication p

CVE-2026-49202 HIGH
8.8 Jun 04

Unauthenticated exposure of internal multimedia session archives in the Acer Connect M6E 5G Portable WiFi Router lets re

CVE-2026-50211 HIGH
8.8 Jun 04

Exposed factory diagnostics in Acer Connect M6E 5G Portable WiFi Router (firmware M6E_AI_1.00.000019 and earlier) allow

CVE-2026-50225 HIGH
8.8 Jun 04

Database flooding via unauthenticated abuse of Acer Connect M6E 5G Portable WiFi Router's registration endpoint allows r

CVE-2026-49193 HIGH
8.7 Jun 04

Public exposure of telemetry data affects Acer Connect M6E 5G Portable WiFi Router, where misconfigured cloud storage co
