Acer Connect M6E CVE-2026-50224

EUVD: EUVD-2026-34229 · MEDIUM
Information Exposure (CWE-200)
2026-06-04 · Acer · GHSA-569c-634x-7vch
6.9 · CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
6.9 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: X

Lifecycle Timeline

Analysis Generated: Jun 04, 2026 - 12:22 (vuln.today)
CVSS changed: Jun 04, 2026 - 10:22 (NVD), 6.9 (MEDIUM)
CVE Published: Jun 04, 2026 - 09:26 (NVD), UNKNOWN (no severity yet)

Description (CVE.org)

The web administration panel binds broadly to the public IPv6 address space on port [::]:8080 without default firewall limits, making internal API endpoints reachable over the WAN.

Analysis (AI)

The web administration panel of the Acer Connect M6E 5G Portable WiFi Router binds to the wildcard IPv6 address [::] on port 8080, exposing internal API endpoints over the public WAN interface without default firewall restrictions. All firmware versions through M6E_AI_1.00.000019 are affected, enabling authenticated remote attackers with high-privilege credentials to reach and query administrative APIs that are intended to be LAN-restricted only. …
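
A defender can check for the wildcard binding described above on any Linux-based device where a shell is available. The following is an added example, not code from the advisory or from Acer's firmware: it parses `ss -H -ltn` output and reports ports bound to the IPv6 wildcard. The sample lines are constructed, and shell access to the router is an assumption.

```python
import ipaddress

# Constructed sample of `ss -H -ltn` output (illustrative, not from a real device).
SAMPLE_SS = """\
LISTEN 0 128       127.0.0.1:53        0.0.0.0:*
LISTEN 0 128     192.168.1.1:80        0.0.0.0:*
LISTEN 0 511            [::]:8080         [::]:*
LISTEN 0 128   [fe80::1]%br0:5353         [::]:*
LISTEN 0 128       [fd00::1]:443          [::]:*
"""

def classify(addr):
    """Classify a listener's local address by how widely it is reachable."""
    host = addr.split("%", 1)[0].strip("[]")   # drop zone id and brackets
    if host == "*":                            # ss may print * for a dual-stack wildcard
        return "wildcard"
    ip = ipaddress.ip_address(host)
    if ip.is_unspecified:                      # 0.0.0.0 or ::
        return "wildcard"
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    return "private" if ip.is_private else "global"

def parse_listeners(ss_output):
    """Return (address, port, class) for each LISTEN line."""
    out = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, port = fields[3].rsplit(":", 1)  # split the port off the right
        out.append((addr, int(port), classify(addr)))
    return out

def ipv6_wildcard_ports(ss_output):
    """Ports accepting connections on every IPv6 address, including a global WAN one."""
    return sorted(port for addr, port, cls in parse_listeners(ss_output)
                  if cls == "wildcard" and addr in ("[::]", "*"))

if __name__ == "__main__":
    for addr, port, cls in parse_listeners(SAMPLE_SS):
        print(f"{addr}:{port} -> {cls}")
    print("IPv6 wildcard listeners:", ipv6_wildcard_ports(SAMPLE_SS))
```

Any port this reports is reachable on the device's global IPv6 address unless a firewall rule or a LAN-specific bind address restricts it.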

Attack Chain (AI, Derived)

Hypothetical attack flow derived from CVE metadata

Access: Identify device public IPv6 WAN address via carrier prefix scanning
Delivery: Probe [IPv6]:8080 to confirm admin panel reachability
Exploit: Authenticate using default or stolen high-privilege credentials
Execution: Query exposed internal API endpoints
Impact: Exfiltrate sensitive device or network configuration data

Vulnerability Assessment (AI)

Exploitation: Exploitation requires three concurrent conditions: (1) the device must have a publicly routable global unicast IPv6 WAN address assigned by the carrier or ISP (devices behind IPv4 NAT without IPv6 WAN are not affected via this path); (2) no upstream firewall, carrier-grade ACL, or network perimeter control blocks inbound TCP port 8080 to the device's IPv6 address; and (3) the attacker must possess or obtain high-privilege administrative credentials for the web panel, as confirmed by PR:H in the CVSS 4.0 vector; port reachability alone does not yield sensitive data without authentication. …

Risk Assessment: The CVSS 4.0 score of 6.9 (Medium) is driven by network accessibility (AV:N), low attack complexity (AC:L), and no required attack prerequisites (AT:N), but is moderated significantly by the high-privilege requirement (PR:H), yielding high confidentiality impact (VC:H) with zero integrity or availability impact. …

Exploit Scenario: An attacker enumerates a carrier's IPv6 prefix space, identifies a reachable Acer Connect M6E device by probing port 8080 for the admin panel's HTTP response fingerprint, and then performs credential stuffing using default or previously leaked admin credentials. With high-privilege credentials in hand, the attacker queries internal API endpoints (previously unreachable from WAN under a correct binding configuration) and extracts sensitive device configuration, network topology, or credential data. …

Remediation: Consult the Acer advisory at https://community.acer.com/en/kb/articles/19707 for firmware update guidance. …

CVE-2026-49185 CRITICAL
10.0 Jun 04

Unauthenticated remote command injection in Acer Connect M6E 5G Portable WiFi Router (firmware ≤ M6E_AI_1.00.000019) all

CVE-2026-49190 CRITICAL
9.4 Jun 04

Command injection in the Acer Connect M6E 5G Portable WiFi Router allows authenticated remote attackers to install arbit

CVE-2026-49194 CRITICAL
9.4 Jun 04

Authentication bypass in the Acer Connect M6E 5G Portable WiFi Router allows low-privileged remote attackers to reach a

CVE-2026-49191 CRITICAL
9.3 Jun 04

Authentication bypass in the Acer Connect M6E 5G Portable WiFi Router's M3WebServer production build exposes hard-coded

CVE-2026-50214 CRITICAL
9.3 Jun 04

Authentication bypass in the Acer Connect M6E 5G Portable WiFi Router (firmware ≤ M6E_AI_1.00.000019) allows remote atta

CVE-2026-50209 CRITICAL
9.3 Jun 04

Privilege escalation via MDM endpoint hijack in the Acer Connect M6E 5G Portable WiFi Router (firmware ≤M6E_AI_1.00.0000

CVE-2026-50208 CRITICAL
9.2 Jun 04

Cryptographic weaknesses in the Acer Connect M6E 5G Portable WiFi Router (firmware versions through M6E_AI_1.00.000019)

CVE-2026-50205 HIGH
8.8 Jun 04

Sensitive information disclosure in the Acer Connect M6E 5G Portable WiFi Router exposes cleartext SMTP authentication p

CVE-2026-49202 HIGH
8.8 Jun 04

Unauthenticated exposure of internal multimedia session archives in the Acer Connect M6E 5G Portable WiFi Router lets re

CVE-2026-50211 HIGH
8.8 Jun 04

Exposed factory diagnostics in Acer Connect M6E 5G Portable WiFi Router (firmware M6E_AI_1.00.000019 and earlier) allow

CVE-2026-50225 HIGH
8.8 Jun 04

Database flooding via unauthenticated abuse of Acer Connect M6E 5G Portable WiFi Router's registration endpoint allows r

CVE-2026-49193 HIGH
8.7 Jun 04

Public exposure of telemetry data affects Acer Connect M6E 5G Portable WiFi Router, where misconfigured cloud storage co
