Severity by source
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-coded DES symmetric encryption keys, a Man-in-the-Middle (MITM) actor could decrypt network traffic.
AnalysisAI
Cryptographic weaknesses in the Acer Connect M6E 5G Portable WiFi Router (firmware versions through M6E_AI_1.00.000019) combine TrustAllCerts routines that bypass TLS certificate validation with hard-coded DES symmetric encryption keys, enabling a network-positioned attacker to decrypt traffic between the device and its backend services. CVSS 4.0 rates this 9.2 (Critical) given the unauthenticated network attack surface and high confidentiality/integrity impact, though attack complexity is rated High due to the MITM positioning requirement. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires that the attacker achieve a Man-in-the-Middle network position on a path used by the Acer Connect M6E 5G Portable WiFi Router's outbound TLS traffic - for example, control of an upstream Wi-Fi access point, ARP/DHCP spoofing on the LAN segment the router connects through, BGP/routing manipulation, or a malicious carrier/transit path. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The signals are mixed and warrant careful interpretation. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker on the same Wi-Fi network as the router, on the upstream carrier path, or in any intermediate network position intercepts the device's outbound TLS connections to Acer cloud/management endpoints. Because TrustAllCerts disables certificate validation, the attacker's substituted certificate is accepted silently; any application-layer traffic protected only by the hard-coded DES key can then be decrypted offline using the key extracted from a sibling device's firmware. … |
| Remediation | Consult Acer's advisory at https://community.acer.com/en/kb/articles/19707 and update the Acer Connect M6E firmware to the version released after M6E_AI_1.00.000019; an exact fix version is not independently confirmed from the input data, so verify the patched build number against Acer's KB article before deploying. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
24 hours: Conduct complete inventory of all Acer Connect M6E 5G devices, documenting firmware versions and network locations. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Unauthenticated remote command injection in Acer Connect M6E 5G Portable WiFi Router (firmware ≤ M6E_AI_1.00.000019) all
Command injection in the Acer Connect M6E 5G Portable WiFi Router allows authenticated remote attackers to install arbit
Authentication bypass in the Acer Connect M6E 5G Portable WiFi Router allows low-privileged remote attackers to reach a
Authentication bypass in the Acer Connect M6E 5G Portable WiFi Router's M3WebServer production build exposes hard-coded
Authentication bypass in the Acer Connect M6E 5G Portable WiFi Router (firmware ≤ M6E_AI_1.00.000019) allows remote atta
Privilege escalation via MDM endpoint hijack in the Acer Connect M6E 5G Portable WiFi Router (firmware ≤M6E_AI_1.00.0000
Sensitive information disclosure in the Acer Connect M6E 5G Portable WiFi Router exposes cleartext SMTP authentication p
Unauthenticated exposure of internal multimedia session archives in the Acer Connect M6E 5G Portable WiFi Router lets re
Exposed factory diagnostics in Acer Connect M6E 5G Portable WiFi Router (firmware M6E_AI_1.00.000019 and earlier) allow
Database flooding via unauthenticated abuse of Acer Connect M6E 5G Portable WiFi Router's registration endpoint allows r
Public exposure of telemetry data affects Acer Connect M6E 5G Portable WiFi Router, where misconfigured cloud storage co
Information disclosure in the Acer Connect M6E 5G Portable WiFi Router (firmware versions up to and including M6E_AI_1.0
Same weakness CWE-330 – Use of Insufficiently Random Values
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-34220
GHSA-jvr3-h63f-grq7