Acer CVEs & Vulnerabilities

27 CVEs affecting Acer products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

connect m6e 5g 26connect m6e 5g firmware 26predator connect w6x 1predator connect w6x firmware 1
CVE-2026-50226MEDIUM

Fixed AES-128-CBC keys inside the AcerConnect OTA application let attackers forge authorization credentials for arbitrary IMEI numbers. This allows unauthorized actors to list catalog items and extract protected binaries from pre-signed cloud links.

4 Jun 2026
5.3
CVSS
CVE-2026-50225CRITICAL

The registration path /v1/account/register provides no bot mitigation mechanisms, allowing malicious automated systems to flood the database.

4 Jun 2026
9.1
CVSS
CVE-2026-50224MEDIUM

The web administration panel binds broadly to the public IPv6 address space on port [::]:8080 without default firewall limits, making internal API endpoints reachable over the WAN.

4 Jun 2026
4.9
CVSS
CVE-2026-50214CRITICAL

The /v1/Plan service relies entirely on a shared global API token for full administrative management, allowing arbitrary creation of zero-cost network access plans.

4 Jun 2026
9.8
CVSS
CVE-2026-50213HIGH

The account validation endpoint /v1/User/validate returns comprehensive user profile data sheets, which can be crawled by iterating predictable identification strings.

4 Jun 2026
7.5
CVSS
CVE-2026-50212MEDIUM

Weak validation logic within device dissociation API routines allows a remote entity to forcefully unbind unrelated user endpoints, causing severe denial of service.

4 Jun 2026
6.5
CVSS
CVE-2026-50211CRITICAL

Leftover engineering diagnostics and factory-level diagnostic software remain exposed on retail builds, giving malicious apps write privileges to internal NVRAM registers.

4 Jun 2026
9.8
CVSS
CVE-2026-50210HIGH

The device encrypts data using AES-CBC with static zero-filled Initialization Vectors (IVs), making it susceptible to replay attacks and known-plaintext decryption.

4 Jun 2026
7.5
CVSS
CVE-2026-50209HIGH

Broadcast events allow malicious software to rewrite the device's default Mobile Device Management (MDM) endpoint address, shifting administrative ownership to an external attacker.

4 Jun 2026
7.8
CVSS
CVE-2026-50208CRITICAL

High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-coded DES symmetric encryption keys, a Man-in-the-Middle (MITM) actor could decrypt network traffic.

4 Jun 2026
9.4
CVSS
CVE-2026-50207HIGH

The system Binder boundary accepts unverified pass-through AT commands, giving local applications the power to read baseband files or disable cellular connectivity.

4 Jun 2026
7.8
CVSS
CVE-2026-50206MEDIUM

Incoming VPN network profile settings fail to process special characters safely, enabling command injection via malicious config files.

4 Jun 2026
6.8
CVSS
CVE-2026-50205HIGH

System log files output unencrypted SMTP server authentication passwords alongside sensitive employee corporate identification data.

4 Jun 2026
8.2
CVSS
CVE-2026-49204MEDIUM

Leftover debug modules contain fixed credentials for internal AWS Cognito test sandboxes, risking asset exploitation.

4 Jun 2026
6.5
CVSS
CVE-2026-49203HIGH

Crucial management API endpoints for cellular eSIM allocation do not validate caller authorization, allowing remote profiles to be rewritten or deleted.

4 Jun 2026
8.3
CVSS
CVE-2026-49202HIGH

Internal multimedia session archives are accessible without authentication, exacerbated by loose Cross-Origin Resource Sharing (CORS) rules that allow cross-site theft.

4 Jun 2026
8.6
CVSS
CVE-2026-49194HIGH

The debugging routine SCREEN_CLICK(5053) enables a connection to skip the standard device login prompt entirely and directly enter an interactive shell interface.

4 Jun 2026
8.8
CVSS
CVE-2026-49193HIGH

Overly permissive configuration settings on cloud storage containers expose active telemetry information publicly to the internet.

4 Jun 2026
7.5
CVSS
CVE-2026-49192MEDIUM

The summary service endpoint suffers from an IDOR vulnerability where it fails to verify user ownership of hardware serial numbers, exposing device data to scraping.

4 Jun 2026
5.4
CVSS
CVE-2026-49191CRITICAL

The production build of the M3WebServer hard-codes its backend API keys, which can be easily intercepted through verbose error handling pages.

4 Jun 2026
9.8
CVSS
CVE-2026-49190HIGH

The system fails to evaluate instructional permissions over multiple internal operation codes (opcodes), permitting unauthorized application installations or command executions.

4 Jun 2026
8.8
CVSS
CVE-2026-49189HIGH

Unchecked public access permissions on a core Broadcast Receiver allow unauthorized local software components to invoke administrative operations.

4 Jun 2026
7.8
CVSS
CVE-2026-49188CRITICAL

The ai_cmd utility executes with full root permissions. It pipes socket inputs directly to popen(), paving the way for unauthenticated users to execute arbitrary root commands.

4 Jun 2026
9.8
CVSS
CVE-2026-49187HIGH

The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misuse.

4 Jun 2026
7.5
CVSS
CVE-2026-49186CRITICAL

The local MQTT broker does not enforce topic-level Access Control Lists (ACLs). This allows any client to subscribe using wildcard characters (# or +) to enumerate hidden network devices or publish rogue control commands.

4 Jun 2026
9.8
CVSS
CVE-2026-49185CRITICAL

The FieldX MDM adb messaging topic passes unverified payloads directly into Runtime.exec(), allowing command/instruction injection.

4 Jun 2026
9.8
CVSS
CVE-2026-49199CRITICAL

Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target device.

29 May 2026
9.8
CVSS
← PrevPage 1 / 1Next →