Severity by source
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
Description (CVE.org)
Crucial management API endpoints for cellular eSIM allocation do not validate caller authorization, allowing remote profiles to be rewritten or deleted.
Analysis (AI)
Unauthorized eSIM profile manipulation in the Acer Connect M6E 5G Portable WiFi Router allows adjacent attackers to rewrite or delete cellular eSIM profiles without authentication because management API endpoints fail to validate caller authorization. The flaw maps to CWE-287 (Improper Authentication) and is reported by Acer with CVSS 4.0 score 7.2, with no public exploit identified at time of analysis.
Vulnerability Assessment (AI)
| Aspect | Assessment |
| --- | --- |
| Exploitation | Exploitation requires adjacent-network access (AV:A) - the attacker must be associated with the same Wi-Fi network served by the Acer Connect M6E 5G portable router, meaning physical proximity and either an open SSID, knowledge of the Wi-Fi passphrase, or a successful crack of it. … |
| Risk Assessment | The CVSS 4.0 vector indicates Adjacent network attack vector (AV:A), low attack complexity (AC:L), no privileges required (PR:N), and no user interaction (UI:N), with high impact on integrity and availability of the vulnerable component (VI:H/VA:H) but only low confidentiality impact (VC:L) and no subsequent-system impact - yielding the 7.2 score. … |
| Exploit Scenario | An attacker associates with the Acer Connect M6E's Wi-Fi network - for example by joining an open hotspot at an airport lounge or cracking a weak passphrase - and then sends crafted HTTP requests to the router's eSIM management API endpoints. Because the endpoints do not check caller authorization, the attacker can rewrite the victim's cellular profile (potentially redirecting traffic through an attacker-controlled carrier configuration) or delete it outright, knocking the victim off cellular data. … |
| Remediation | Patch available per vendor advisory - administrators should consult the Acer advisory at https://community.acer.com/en/kb/articles/19707 and apply the firmware update Acer publishes for the Connect M6E as soon as it is offered through the device's update mechanism, since the exact fixed version is not enumerated in the provided data. … |
Recommended Action (AI)
Within 24 hours: Audit deployment of Acer Connect M6E 5G routers in production and critical infrastructure environments. …
Unauthenticated remote command injection in Acer Connect M6E 5G Portable WiFi Router (firmware ≤ M6E_AI_1.00.000019) all
Command injection in the Acer Connect M6E 5G Portable WiFi Router allows authenticated remote attackers to install arbit
Authentication bypass in the Acer Connect M6E 5G Portable WiFi Router allows low-privileged remote attackers to reach a
Authentication bypass in the Acer Connect M6E 5G Portable WiFi Router's M3WebServer production build exposes hard-coded
Authentication bypass in the Acer Connect M6E 5G Portable WiFi Router (firmware ≤ M6E_AI_1.00.000019) allows remote atta
Privilege escalation via MDM endpoint hijack in the Acer Connect M6E 5G Portable WiFi Router (firmware ≤M6E_AI_1.00.0000
Cryptographic weaknesses in the Acer Connect M6E 5G Portable WiFi Router (firmware versions through M6E_AI_1.00.000019)
Sensitive information disclosure in the Acer Connect M6E 5G Portable WiFi Router exposes cleartext SMTP authentication p
Unauthenticated exposure of internal multimedia session archives in the Acer Connect M6E 5G Portable WiFi Router lets re
Exposed factory diagnostics in Acer Connect M6E 5G Portable WiFi Router (firmware M6E_AI_1.00.000019 and earlier) allow
Database flooding via unauthenticated abuse of Acer Connect M6E 5G Portable WiFi Router's registration endpoint allows r
Public exposure of telemetry data affects Acer Connect M6E 5G Portable WiFi Router, where misconfigured cloud storage co
EUVD-2026-34214
GHSA-hhrg-xw9w-2f4q