Skip to main content

Acer M3WebServer EUVDEUVD-2026-34210

| CVE-2026-49191 CRITICAL
Improper Authentication (CWE-287)
2026-06-04 Acer GHSA-gpg2-45rx-77ff
9.3
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
9.3 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
Jun 04, 2026 - 07:30 vuln.today
CVSS changed
Jun 04, 2026 - 07:22 NVD
9.3 (CRITICAL)

DescriptionCVE.org

The production build of the M3WebServer hard-codes its backend API keys, which can be easily intercepted through verbose error handling pages.

AnalysisAI

Authentication bypass in the Acer Connect M6E 5G Portable WiFi Router's M3WebServer production build exposes hard-coded backend API keys through verbose error pages, enabling remote unauthenticated attackers to harvest credentials and gain full administrative control over the device. CVSS 4.0 scores this 9.3 (Critical) with no privileges or user interaction required, though no public exploit has been identified at time of analysis.

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify exposed M3WebServer interface
Delivery
Send malformed HTTP request to error path
Exploit
Parse verbose error page for hard-coded API keys
Execution
Authenticate to backend API with leaked keys
Impact
Modify router configuration or pivot to LAN clients

Vulnerability AssessmentAI

Exploitation Exploitation requires only network reachability to the M3WebServer HTTP interface on an Acer Connect M6E 5G router running the production firmware build, plus the ability to trigger one of the verbose error-handling code paths that render the hard-coded backend API keys in the response. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector AV:N/AC:L/AT:N/PR:N/UI:N with VC:H/VI:H/VA:H describes a fully remote, low-complexity, zero-prerequisite attack against confidentiality, integrity, and availability of the vulnerable component - consistent with the 9.3 base score. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker on the same network segment (or across the internet, if WAN management is enabled) sends malformed or unexpected HTTP requests to the router's M3WebServer until a verbose error page is rendered, then extracts the embedded backend API keys from the response body. Using those keys, the attacker authenticates directly to the backend API to read configuration, alter routing or DNS, pivot into the connected LAN, or brick the device - no credentials, user interaction, or social engineering required.
Remediation Apply the firmware update referenced in Acer's advisory at https://community.acer.com/en/kb/articles/19707 as the primary fix; an exact patched firmware version was not included in the supplied intelligence, so administrators should treat the vendor article as the authoritative source for the specific build number. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Identify and inventory all Acer Connect M6E 5G devices in use across the organization and document their network locations. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-49185 CRITICAL
10.0 Jun 04

Unauthenticated remote command injection in Acer Connect M6E 5G Portable WiFi Router (firmware ≤ M6E_AI_1.00.000019) all

CVE-2026-49190 CRITICAL
9.4 Jun 04

Command injection in the Acer Connect M6E 5G Portable WiFi Router allows authenticated remote attackers to install arbit

CVE-2026-49194 CRITICAL
9.4 Jun 04

Authentication bypass in the Acer Connect M6E 5G Portable WiFi Router allows low-privileged remote attackers to reach a

CVE-2026-50214 CRITICAL
9.3 Jun 04

Authentication bypass in the Acer Connect M6E 5G Portable WiFi Router (firmware ≤ M6E_AI_1.00.000019) allows remote atta

CVE-2026-50209 CRITICAL
9.3 Jun 04

Privilege escalation via MDM endpoint hijack in the Acer Connect M6E 5G Portable WiFi Router (firmware ≤M6E_AI_1.00.0000

CVE-2026-50208 CRITICAL
9.2 Jun 04

Cryptographic weaknesses in the Acer Connect M6E 5G Portable WiFi Router (firmware versions through M6E_AI_1.00.000019)

CVE-2026-50205 HIGH
8.8 Jun 04

Sensitive information disclosure in the Acer Connect M6E 5G Portable WiFi Router exposes cleartext SMTP authentication p

CVE-2026-49202 HIGH
8.8 Jun 04

Unauthenticated exposure of internal multimedia session archives in the Acer Connect M6E 5G Portable WiFi Router lets re

CVE-2026-50211 HIGH
8.8 Jun 04

Exposed factory diagnostics in Acer Connect M6E 5G Portable WiFi Router (firmware M6E_AI_1.00.000019 and earlier) allow

CVE-2026-50225 HIGH
8.8 Jun 04

Database flooding via unauthenticated abuse of Acer Connect M6E 5G Portable WiFi Router's registration endpoint allows r

CVE-2026-49193 HIGH
8.7 Jun 04

Public exposure of telemetry data affects Acer Connect M6E 5G Portable WiFi Router, where misconfigured cloud storage co

CVE-2026-49187 HIGH
8.7 Jun 04

Information disclosure in the Acer Connect M6E 5G Portable WiFi Router (firmware versions up to and including M6E_AI_1.0

Share

EUVD-2026-34210 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy