Acer Connect M6E CVE-2026-49194

EUVD: EUVD-2026-34213 · CRITICAL
Improper Authentication (CWE-287)
2026-06-04 · Acer · GHSA-45g5-qmv3-9f22
9.4 · CVSS 4.0 · NVD
Severity by source

NVD PRIMARY
9.4 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: X

Lifecycle Timeline (2 events)

Jun 04, 2026 - 07:31 · Analysis Generated (vuln.today)
Jun 04, 2026 - 07:22 · CVSS changed (NVD): 9.4 (CRITICAL)

Description (CVE.org)

The debugging routine SCREEN_CLICK(5053) enables a connection to skip the standard device login prompt entirely and directly enter an interactive shell interface.

Analysis (AI)

Authentication bypass in the Acer Connect M6E 5G Portable WiFi Router allows low-privileged remote attackers to reach a debug routine (SCREEN_CLICK opcode 5053) that skips the device login prompt and drops the caller directly into an interactive shell. CVSS 4.0 rates the issue 9.4 with scope change and high impact on confidentiality, integrity, and availability of both the router and connected subsystems; no public exploit identified at time of analysis.

Attack Chain (AI, Derived)

Hypothetical attack flow derived from CVE metadata

Access: Reach router management interface over network
Delivery: Authenticate as low-privileged user
Exploit: Invoke SCREEN_CLICK(5053) debug routine
Execution: Bypass login prompt and obtain interactive shell
Persist: Harvest credentials and modify routing/DNS
Impact: Pivot to connected clients or persist on device

Vulnerability Assessment (AI)

Exploitation: Exploitation requires (1) network reachability to the Acer Connect M6E management/debug interface - typically meaning the attacker is associated to the router's WiFi or otherwise on a network where the management plane is exposed, and (2) at least low-privileged authentication to the device (CVSS PR:L), so a fully anonymous Internet attacker against a default-configured device is not the documented threat model. …

Risk Assessment: The CVSS 4.0 vector AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H with subsequent-system impact S:H across CIA is consistent with a network-reachable debug routine that grants shell on a network gateway device - high real-world impact because the router brokers all client traffic. …

Exploit Scenario: An attacker who has obtained low-privileged credentials to the router (for example, a guest WiFi user or a captured normal-user login) sends the SCREEN_CLICK(5053) request to the management endpoint; instead of prompting for the device login, the firmware drops the connection straight into an interactive shell on the router. From that shell the attacker can dump WiFi/PSK material, modify DNS, install persistence, or pivot to clients behind the router. …

Remediation: Apply the firmware update referenced in Acer's advisory at https://community.acer.com/en/kb/articles/19707 as the primary fix - the exact patched firmware version is not present in the supplied data, so cross-check the build number listed there against the version reported by the router's management UI. …

Recommended Action (AI)

24 HOURS: Inventory all Acer Connect M6E 5G routers in deployment; disable remote management features; isolate affected devices to trusted networks only. …

CVE-2026-49185 CRITICAL
10.0 Jun 04

Unauthenticated remote command injection in Acer Connect M6E 5G Portable WiFi Router (firmware ≤ M6E_AI_1.00.000019) all

CVE-2026-49190 CRITICAL
9.4 Jun 04

Command injection in the Acer Connect M6E 5G Portable WiFi Router allows authenticated remote attackers to install arbit

CVE-2026-49191 CRITICAL
9.3 Jun 04

Authentication bypass in the Acer Connect M6E 5G Portable WiFi Router's M3WebServer production build exposes hard-coded

CVE-2026-50214 CRITICAL
9.3 Jun 04

Authentication bypass in the Acer Connect M6E 5G Portable WiFi Router (firmware ≤ M6E_AI_1.00.000019) allows remote atta

CVE-2026-50209 CRITICAL
9.3 Jun 04

Privilege escalation via MDM endpoint hijack in the Acer Connect M6E 5G Portable WiFi Router (firmware ≤M6E_AI_1.00.0000

CVE-2026-50208 CRITICAL
9.2 Jun 04

Cryptographic weaknesses in the Acer Connect M6E 5G Portable WiFi Router (firmware versions through M6E_AI_1.00.000019)

CVE-2026-50205 HIGH
8.8 Jun 04

Sensitive information disclosure in the Acer Connect M6E 5G Portable WiFi Router exposes cleartext SMTP authentication p

CVE-2026-49202 HIGH
8.8 Jun 04

Unauthenticated exposure of internal multimedia session archives in the Acer Connect M6E 5G Portable WiFi Router lets re

CVE-2026-50211 HIGH
8.8 Jun 04

Exposed factory diagnostics in Acer Connect M6E 5G Portable WiFi Router (firmware M6E_AI_1.00.000019 and earlier) allow

CVE-2026-50225 HIGH
8.8 Jun 04

Database flooding via unauthenticated abuse of Acer Connect M6E 5G Portable WiFi Router's registration endpoint allows r

CVE-2026-49193 HIGH
8.7 Jun 04

Public exposure of telemetry data affects Acer Connect M6E 5G Portable WiFi Router, where misconfigured cloud storage co

CVE-2026-49187 HIGH
8.7 Jun 04

Information disclosure in the Acer Connect M6E 5G Portable WiFi Router (firmware versions up to and including M6E_AI_1.0
