Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
Description (CVE.org)
Unchecked public access permissions on a core Broadcast Receiver allow unauthorized local software components to invoke administrative operations.
Analysis (AI)
Local privilege escalation in the Acer Connect M6E 5G Portable WiFi Router (firmware ≤M6E_AI_1.00.000019) allows low-privileged local software components to invoke administrative operations via an unprotected Broadcast Receiver. CVSS 4.0 scores this 8.5 (High) with local attack vector and low privileges required, and no public exploit has been identified at time of analysis.
Vulnerability Assessment (AI)
| Aspect | Assessment |
|---|---|
| Exploitation | The attacker must already be able to run a local, low-privileged software component on the Acer Connect M6E 5G Portable WiFi Router (PR:L, AV:L) - for example a sideloaded or companion application - and the device must be running firmware at or below M6E_AI_1.00.000019 where the core Broadcast Receiver is declared with unchecked public access permissions. … |
| Risk Assessment | The CVSS 4.0 vector (AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H) indicates a local attack requiring low privileges, no user interaction, and yielding high confidentiality, integrity, and availability impact on the vulnerable component - a profile consistent with on-device privilege escalation rather than remote compromise. … |
| Exploit Scenario | An attacker convinces the victim to install a benign-looking application on a phone or device paired with the Acer Connect M6E (or otherwise plants a low-privileged process on it); that application sends a crafted intent to the exposed Broadcast Receiver and triggers administrative operations such as configuration changes or privileged command execution without holding admin rights. No public exploit code has been identified at time of analysis, but the construction of a proof-of-concept intent-broadcaster is straightforward for an attacker familiar with the platform. |
| Remediation | Upgrade the Acer Connect M6E firmware to a release later than M6E_AI_1.00.000019 once Acer publishes a fixed build, following the guidance in the Acer advisory at https://community.acer.com/en/kb/articles/19707; patch availability per vendor advisory should be confirmed against the linked KB. … |
Recommended Action (AI)
24 hours: Inventory all Acer Connect M6E 5G units and confirm which are running affected firmware versions (≤M6E_AI_1.00.000019). …
Unauthenticated remote command injection in Acer Connect M6E 5G Portable WiFi Router (firmware ≤ M6E_AI_1.00.000019) all
Command injection in the Acer Connect M6E 5G Portable WiFi Router allows authenticated remote attackers to install arbit
Authentication bypass in the Acer Connect M6E 5G Portable WiFi Router allows low-privileged remote attackers to reach a
Authentication bypass in the Acer Connect M6E 5G Portable WiFi Router's M3WebServer production build exposes hard-coded
Authentication bypass in the Acer Connect M6E 5G Portable WiFi Router (firmware ≤ M6E_AI_1.00.000019) allows remote atta
Privilege escalation via MDM endpoint hijack in the Acer Connect M6E 5G Portable WiFi Router (firmware ≤M6E_AI_1.00.0000
Cryptographic weaknesses in the Acer Connect M6E 5G Portable WiFi Router (firmware versions through M6E_AI_1.00.000019)
Sensitive information disclosure in the Acer Connect M6E 5G Portable WiFi Router exposes cleartext SMTP authentication p
Unauthenticated exposure of internal multimedia session archives in the Acer Connect M6E 5G Portable WiFi Router lets re
Exposed factory diagnostics in Acer Connect M6E 5G Portable WiFi Router (firmware M6E_AI_1.00.000019 and earlier) allow
Database flooding via unauthenticated abuse of Acer Connect M6E 5G Portable WiFi Router's registration endpoint allows r
Public exposure of telemetry data affects Acer Connect M6E 5G Portable WiFi Router, where misconfigured cloud storage co
Same weakness CWE-269 – Improper Privilege Management
Same technique: Privilege Escalation
EUVD-2026-34208
GHSA-hph7-5jr2-h359