Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
Description (CVE.org)
The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misuse.
Analysis (AI)
Information disclosure in the Acer Connect M6E 5G Portable WiFi Router (firmware versions up to and including M6E_AI_1.00.000019) stems from hard-coded, non-expiring credentials embedded in the companion APK that are shared across all deployments. Remote attackers can extract these static secrets from any copy of the application and use them to access sensitive router data without authentication. No public exploit was identified at the time of analysis.
Vulnerability Assessment (AI)
| Aspect | Assessment |
| --- | --- |
| Exploitation | Exploitation requires that the Acer Connect M6E 5G Portable WiFi Router be running firmware at or below M6E_AI_1.00.000019 with its companion Android APK in use, and that the API endpoints or device interfaces which trust the hard-coded shared secret be reachable by the attacker (network attack vector per CVSS AV:N). … |
| Risk Assessment | The CVSS v4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H) yields 8.7 - network-reachable, low complexity, no privileges or user interaction, and high confidentiality impact with no integrity or availability effect, which matches a credential/data-disclosure flaw rather than an RCE. … |
| Exploit Scenario | An attacker downloads the Acer Connect companion APK from a public mirror, decompiles it with jadx, and extracts the hard-coded 'scepter' token from its resource files. Because the same token is embedded in every distribution, the attacker can then issue authenticated-looking API calls to any internet-reachable M6E device or backend service that trusts the shared secret, harvesting subscriber/device data at scale without ever touching the victim's network directly. |
| Remediation | Patch status is unclear from the provided data - Acer's community advisory at https://community.acer.com/en/kb/articles/19707 should be consulted for the fixed firmware and APK build; no vendor-released patch version was independently confirmed in the supplied intelligence. … |
Recommended Action (AI)
24 hours: Inventory all Acer Connect M6E 5G routers (firmware M6E_AI_1.00.000019 and earlier); document current configuration and isolation status; restrict network access to management interfaces. …
Unauthenticated remote command injection in Acer Connect M6E 5G Portable WiFi Router (firmware ≤ M6E_AI_1.00.000019) all
Command injection in the Acer Connect M6E 5G Portable WiFi Router allows authenticated remote attackers to install arbit
Authentication bypass in the Acer Connect M6E 5G Portable WiFi Router allows low-privileged remote attackers to reach a
Authentication bypass in the Acer Connect M6E 5G Portable WiFi Router's M3WebServer production build exposes hard-coded
Authentication bypass in the Acer Connect M6E 5G Portable WiFi Router (firmware ≤ M6E_AI_1.00.000019) allows remote atta
Privilege escalation via MDM endpoint hijack in the Acer Connect M6E 5G Portable WiFi Router (firmware ≤M6E_AI_1.00.0000
Cryptographic weaknesses in the Acer Connect M6E 5G Portable WiFi Router (firmware versions through M6E_AI_1.00.000019)
Sensitive information disclosure in the Acer Connect M6E 5G Portable WiFi Router exposes cleartext SMTP authentication p
Unauthenticated exposure of internal multimedia session archives in the Acer Connect M6E 5G Portable WiFi Router lets re
Exposed factory diagnostics in Acer Connect M6E 5G Portable WiFi Router (firmware M6E_AI_1.00.000019 and earlier) allow
Database flooding via unauthenticated abuse of Acer Connect M6E 5G Portable WiFi Router's registration endpoint allows r
Public exposure of telemetry data affects Acer Connect M6E 5G Portable WiFi Router, where misconfigured cloud storage co
Same weakness CWE-200 – Information Exposure
Same technique Information Disclosure
EUVD-2026-34204
GHSA-mgmr-hqww-q343