
Acer Connect M6E CVE-2026-49190

EUVD: EUVD-2026-34209 · CRITICAL
OS Command Injection (CWE-78)
2026-06-04 · Acer · GHSA-v76p-jwh5-4pcm
9.4 · CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
9.4 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: X

Lifecycle Timeline

Jun 04, 2026 - 07:30 · Analysis Generated (vuln.today)
Jun 04, 2026 - 07:22 · CVSS changed (NVD): 9.4 (CRITICAL)

Description (CVE.org)

The system fails to evaluate instructional permissions over multiple internal operation codes (opcodes), permitting unauthorized application installations or command executions.

Analysis (AI)

Command injection in the Acer Connect M6E 5G Portable WiFi Router allows authenticated remote attackers to install arbitrary applications or execute operating system commands by abusing internal operation codes (opcodes) whose permission checks are not properly enforced. The flaw carries a CVSS 4.0 score of 9.4 (Critical) due to network reach, low attack complexity, and scope-changing impact on confidentiality, integrity, and availability. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Access: Reach router management interface over LAN/WAN
Delivery: Authenticate with low-privileged account
Exploit: Invoke unprotected internal opcode
Execution: Inject shell metacharacters into command parameter
Persist: Execute arbitrary OS command on firmware
Impact: Install backdoor application or pivot to LAN

Vulnerability Assessment (AI)

Exploitation: The attacker must have network reachability to the router's management plane (typically the LAN/Wi-Fi side of an Acer Connect M6E, or the WAN side if remote administration has been enabled) and must hold low-privileged credentials on the device (CVSS PR:L) - fully unauthenticated access is not indicated by the vector. … Additional conditions and limiting factors are described in the full assessment.

Risk Assessment: Signals are mostly aligned toward high real-world risk: CVSS 4.0 vector AV:N/AC:L/AT:N/PR:L/UI:N with VC:H/VI:H/VA:H and a changed scope (SC:H/SI:H/SA:H) describes a network-reachable, low-complexity, no-interaction command injection achievable with only low privileges, which on a consumer router often equates to an ordinary management account or a guest-network foothold. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.

Exploit Scenario: An attacker with low-privileged access to the router's management interface - for example, a guest Wi-Fi user, a compromised LAN host, or someone with a captured non-admin account - sends a crafted request invoking one of the unprotected opcodes and supplies shell metacharacters in a parameter that is concatenated into an OS command. The router executes the injected command in the firmware's command interpreter, allowing the attacker to install a backdoor application or run arbitrary system commands as the service account, pivoting to full device takeover and a foothold on the local network.

Remediation: Patch available per vendor advisory at https://community.acer.com/en/kb/articles/19707 - administrators should consult that knowledge base article for the fixed firmware build and apply the update to every Acer Connect M6E unit in inventory, since no exact fixed version is enumerated in the available CVE data. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended Action (AI)

24 hours: Identify all Acer Connect M6E 5G routers in your network; restrict access to management interfaces to trusted networks only; disable remote management if not operationally required. …


CVE-2026-49185 CRITICAL
10.0 Jun 04

Unauthenticated remote command injection in Acer Connect M6E 5G Portable WiFi Router (firmware ≤ M6E_AI_1.00.000019) all

CVE-2026-49194 CRITICAL
9.4 Jun 04

Authentication bypass in the Acer Connect M6E 5G Portable WiFi Router allows low-privileged remote attackers to reach a

CVE-2026-49191 CRITICAL
9.3 Jun 04

Authentication bypass in the Acer Connect M6E 5G Portable WiFi Router's M3WebServer production build exposes hard-coded

CVE-2026-50214 CRITICAL
9.3 Jun 04

Authentication bypass in the Acer Connect M6E 5G Portable WiFi Router (firmware ≤ M6E_AI_1.00.000019) allows remote atta

CVE-2026-50209 CRITICAL
9.3 Jun 04

Privilege escalation via MDM endpoint hijack in the Acer Connect M6E 5G Portable WiFi Router (firmware ≤M6E_AI_1.00.0000

CVE-2026-50208 CRITICAL
9.2 Jun 04

Cryptographic weaknesses in the Acer Connect M6E 5G Portable WiFi Router (firmware versions through M6E_AI_1.00.000019)

CVE-2026-50205 HIGH
8.8 Jun 04

Sensitive information disclosure in the Acer Connect M6E 5G Portable WiFi Router exposes cleartext SMTP authentication p

CVE-2026-49202 HIGH
8.8 Jun 04

Unauthenticated exposure of internal multimedia session archives in the Acer Connect M6E 5G Portable WiFi Router lets re

CVE-2026-50211 HIGH
8.8 Jun 04

Exposed factory diagnostics in Acer Connect M6E 5G Portable WiFi Router (firmware M6E_AI_1.00.000019 and earlier) allow

CVE-2026-50225 HIGH
8.8 Jun 04

Database flooding via unauthenticated abuse of Acer Connect M6E 5G Portable WiFi Router's registration endpoint allows r

CVE-2026-49193 HIGH
8.7 Jun 04

Public exposure of telemetry data affects Acer Connect M6E 5G Portable WiFi Router, where misconfigured cloud storage co

CVE-2026-49187 HIGH
8.7 Jun 04

Information disclosure in the Acer Connect M6E 5G Portable WiFi Router (firmware versions up to and including M6E_AI_1.0
