Acer Connect M6E · EUVD-2026-34221

CVE-2026-50209 CRITICAL
Incorrect Permission Assignment for Critical Resource (CWE-732)
2026-06-04 Acer GHSA-jwpr-997h-4qrm
9.3
CVSS 4.0 · NVD
Severity by source

NVD PRIMARY
9.3 CRITICAL
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: X

Lifecycle Timeline

Jun 04, 2026 - 11:06: Analysis Generated (vuln.today)
Jun 04, 2026 - 09:22: CVSS changed (NVD), 9.3 (CRITICAL)
Jun 04, 2026 - 07:17: CVE Published (NVD), UNKNOWN (no severity yet)

Description (CVE.org)

Broadcast events allow malicious software to rewrite the device's default Mobile Device Management (MDM) endpoint address, shifting administrative ownership to an external attacker.

Analysis (AI)

Privilege escalation via MDM endpoint hijack in the Acer Connect M6E 5G Portable WiFi Router (firmware ≤M6E_AI_1.00.000019) allows locally running malicious software to overwrite the default Mobile Device Management endpoint address through broadcast events, transferring administrative control of the device to an attacker-operated MDM server. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Attack Chain (AI, derived)

Hypothetical attack flow derived from CVE metadata

Access: Install malicious app on M6E router
Delivery: Emit broadcast event to MDM config receiver
Exploit: Overwrite default MDM endpoint URL
Execution: Router re-enrolls with attacker MDM server
Persist: Attacker pushes rogue policies and credentials
Impact: Full administrative ownership of router and managed clients

Vulnerability Assessment (AI)

Exploitation: The attacker must already have low-privileged code execution on the Acer Connect M6E 5G Portable WiFi Router running firmware ≤M6E_AI_1.00.000019 (e.g., via a malicious installed application), because the attack vector is local (AV:L) and broadcast events are an on-device IPC mechanism. …

Risk Assessment: The CVSS 4.0 base score of 9.3 reflects a local attack vector (AV:L) with low complexity (AC:L), low required privileges (PR:L), and no user interaction (UI:N), combined with high confidentiality/integrity/availability impact on both the vulnerable system and subsequent systems (the latter capturing the downstream takeover of administered devices via the new MDM channel). …

Exploit Scenario: An attacker convinces a user to install a malicious application on the M6E router (or otherwise achieves low-privilege code execution on the device), and that application emits the specific broadcast event that overwrites the configured MDM server URL with an attacker-controlled endpoint. On the next MDM check-in, the router enrolls against the attacker's server and accepts subsequent configuration, credential, and firmware-policy commands as authoritative, completing the administrative takeover. No public PoC is referenced in the available data.

Remediation: Patch status from the available data is ambiguous. The Acer knowledge base article (https://community.acer.com/en/kb/articles/19707) is the only vendor reference, and no specific fixed firmware build is named in the supplied intelligence, so this should be treated as "patch available per vendor advisory". Administrators should consult that article for the exact remediated M6E_AI build and upgrade any router running firmware ≤M6E_AI_1.00.000019. …

Recommended Action (AI)

24 hours: Identify and inventory all Acer Connect M6E 5G routers and document current firmware versions. …

CVE-2026-49185 CRITICAL
10.0 Jun 04

Unauthenticated remote command injection in Acer Connect M6E 5G Portable WiFi Router (firmware ≤ M6E_AI_1.00.000019) all

CVE-2026-49190 CRITICAL
9.4 Jun 04

Command injection in the Acer Connect M6E 5G Portable WiFi Router allows authenticated remote attackers to install arbit

CVE-2026-49194 CRITICAL
9.4 Jun 04

Authentication bypass in the Acer Connect M6E 5G Portable WiFi Router allows low-privileged remote attackers to reach a

CVE-2026-49191 CRITICAL
9.3 Jun 04

Authentication bypass in the Acer Connect M6E 5G Portable WiFi Router's M3WebServer production build exposes hard-coded

CVE-2026-50214 CRITICAL
9.3 Jun 04

Authentication bypass in the Acer Connect M6E 5G Portable WiFi Router (firmware ≤ M6E_AI_1.00.000019) allows remote atta

CVE-2026-50208 CRITICAL
9.2 Jun 04

Cryptographic weaknesses in the Acer Connect M6E 5G Portable WiFi Router (firmware versions through M6E_AI_1.00.000019)

CVE-2026-50205 HIGH
8.8 Jun 04

Sensitive information disclosure in the Acer Connect M6E 5G Portable WiFi Router exposes cleartext SMTP authentication p

CVE-2026-49202 HIGH
8.8 Jun 04

Unauthenticated exposure of internal multimedia session archives in the Acer Connect M6E 5G Portable WiFi Router lets re

CVE-2026-50211 HIGH
8.8 Jun 04

Exposed factory diagnostics in Acer Connect M6E 5G Portable WiFi Router (firmware M6E_AI_1.00.000019 and earlier) allow

CVE-2026-50225 HIGH
8.8 Jun 04

Database flooding via unauthenticated abuse of Acer Connect M6E 5G Portable WiFi Router's registration endpoint allows r

CVE-2026-49193 HIGH
8.7 Jun 04

Public exposure of telemetry data affects Acer Connect M6E 5G Portable WiFi Router, where misconfigured cloud storage co

CVE-2026-49187 HIGH
8.7 Jun 04

Information disclosure in the Acer Connect M6E 5G Portable WiFi Router (firmware versions up to and including M6E_AI_1.0
