
Acer Connect M6E · EUVD-2026-34223

CVE-2026-50211 HIGH
Use of Externally-Controlled Format String (CWE-134)
2026-06-04 Acer GHSA-pcc5-98xf-vpff
8.8
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
8.8 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS Vector · NVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: X

Lifecycle Timeline

  • Jun 04, 2026 - 11:06 · Analysis Generated (vuln.today)
  • Jun 04, 2026 - 09:22 · CVSS changed (NVD): 8.8 (HIGH)
  • Jun 04, 2026 - 07:28 · CVE Published (nvd): UNKNOWN (no severity yet)

Description · CVE.org

Leftover engineering diagnostics and factory-level diagnostic software remain exposed on retail builds, giving malicious apps write privileges to internal NVRAM registers.

Analysis · AI

Exposed factory diagnostics in Acer Connect M6E 5G Portable WiFi Router (firmware M6E_AI_1.00.000019 and earlier) allow malicious applications to obtain write access to internal NVRAM registers, enabling persistent modification of device state and configuration. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, but the CVSS 4.0 base score of 8.8 reflects high confidentiality and availability impact. …


Attack Chain · AI Derived

Hypothetical attack flow derived from CVE metadata

  • Access: Deliver malicious app to device
  • Delivery: Reach exposed factory diagnostic interface
  • Exploit: Invoke diagnostic write primitive
  • Execution: Modify internal NVRAM registers
  • Impact: Persist altered router configuration

Vulnerability Assessment · AI

Exploitation: Exploitation requires the target device to be running Acer Connect M6E firmware M6E_AI_1.00.000019 or earlier with the un-stripped factory and engineering diagnostic interfaces present on the retail build, and a malicious application with reach into the device's diagnostic channel must be running. Per the description, exploitation is performed by 'malicious apps' that gain write access to internal NVRAM registers, not by an arbitrary remote internet host. …

Risk Assessment: Signals are mixed and partially contradictory. …

Exploit Scenario: A malicious mobile application installed on a device that interacts with the router (for example, through the vendor management app channel) locates the leftover engineering diagnostic endpoints exposed by retail firmware and issues diagnostic commands that write attacker-controlled values into NVRAM. The attacker uses this primitive to alter persistent configuration such as DNS, admin credentials, or boot parameters, surviving reboots and factory resets that read from the tampered NVRAM region. …

Remediation: Apply the firmware release that supersedes M6E_AI_1.00.000019 as published in the Acer advisory at https://community.acer.com/en/kb/articles/19707; the exact patched version string is not enumerated in the provided intelligence, so confirm the build number against Acer's release notes before deploying. …

Recommended Action · AI

24 hours: Inventory all Acer Connect M6E 5G routers (firmware M6E_AI_1.00.000019 or earlier) in use; disable factory diagnostics if accessible through device administration settings. …


CVE-2026-49185 CRITICAL
10.0 Jun 04

Unauthenticated remote command injection in Acer Connect M6E 5G Portable WiFi Router (firmware ≤ M6E_AI_1.00.000019) all

CVE-2026-49190 CRITICAL
9.4 Jun 04

Command injection in the Acer Connect M6E 5G Portable WiFi Router allows authenticated remote attackers to install arbit

CVE-2026-49194 CRITICAL
9.4 Jun 04

Authentication bypass in the Acer Connect M6E 5G Portable WiFi Router allows low-privileged remote attackers to reach a

CVE-2026-49191 CRITICAL
9.3 Jun 04

Authentication bypass in the Acer Connect M6E 5G Portable WiFi Router's M3WebServer production build exposes hard-coded

CVE-2026-50214 CRITICAL
9.3 Jun 04

Authentication bypass in the Acer Connect M6E 5G Portable WiFi Router (firmware ≤ M6E_AI_1.00.000019) allows remote atta

CVE-2026-50209 CRITICAL
9.3 Jun 04

Privilege escalation via MDM endpoint hijack in the Acer Connect M6E 5G Portable WiFi Router (firmware ≤M6E_AI_1.00.0000

CVE-2026-50208 CRITICAL
9.2 Jun 04

Cryptographic weaknesses in the Acer Connect M6E 5G Portable WiFi Router (firmware versions through M6E_AI_1.00.000019)

CVE-2026-50205 HIGH
8.8 Jun 04

Sensitive information disclosure in the Acer Connect M6E 5G Portable WiFi Router exposes cleartext SMTP authentication p

CVE-2026-49202 HIGH
8.8 Jun 04

Unauthenticated exposure of internal multimedia session archives in the Acer Connect M6E 5G Portable WiFi Router lets re

CVE-2026-50225 HIGH
8.8 Jun 04

Database flooding via unauthenticated abuse of Acer Connect M6E 5G Portable WiFi Router's registration endpoint allows r

CVE-2026-49193 HIGH
8.7 Jun 04

Public exposure of telemetry data affects Acer Connect M6E 5G Portable WiFi Router, where misconfigured cloud storage co

CVE-2026-49187 HIGH
8.7 Jun 04

Information disclosure in the Acer Connect M6E 5G Portable WiFi Router (firmware versions up to and including M6E_AI_1.0
