← Browse

Acer

36 CVEs
CVE IDSeverityProduct / summaryPublished
CVE-2026-49185 CRITICAL 10 Connect M6e 5g Portable Wifi Router — The FieldX MDM adb messaging topic passes unverified payloads directly into Runtime.exec(), allowing command/i… 2026-06-04 CVE-2026-49186 HIGH 8.6 Connect M6e 5g Portable Wifi Router — The local MQTT broker does not enforce topic-level Access Control Lists (ACLs). This allows any client to subs… 2026-06-04 CVE-2026-49187 HIGH 8.7 Connect M6e 5g Portable Wifi Router — The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potentia… 2026-06-04 CVE-2026-49188 HIGH 8.7 Connect M6e 5g Portable Wifi Router — The ai_cmd utility executes with full root permissions. It pipes socket inputs directly to popen(), paving the… 2026-06-04 CVE-2026-49189 HIGH 8.5 Connect M6e 5g Portable Wifi Router — Unchecked public access permissions on a core Broadcast Receiver allow unauthorized local software components … 2026-06-04 CVE-2026-49190 CRITICAL 9.4 Connect M6e 5g Portable Wifi Router — The system fails to evaluate instructional permissions over multiple internal operation codes (opcodes), permi… 2026-06-04 CVE-2026-49191 CRITICAL 9.3 Connect M6e 5g Portable Wifi Router — The production build of the M3WebServer hard-codes its backend API keys, which can be easily intercepted throu… 2026-06-04 CVE-2026-49192 MEDIUM 5.3 Connect M6e 5g Portable Wifi Router — The summary service endpoint suffers from an IDOR vulnerability where it fails to verify user ownership of har… 2026-06-04 CVE-2026-49193 HIGH 8.7 Connect M6e 5g Portable Wifi Router — Overly permissive configuration settings on cloud storage containers expose active telemetry information publi… 2026-06-04 CVE-2026-49194 CRITICAL 9.4 Connect M6e 5g Portable Wifi Router — The debugging routine SCREEN_CLICK(5053) enables a connection to skip the standard device login prompt entirel… 2026-06-04 CVE-2026-49202 HIGH 8.8 Connect M6e 5g Portable Wifi Router — Internal multimedia session archives are accessible without authentication, exacerbated by loose Cross-Origin … 2026-06-04 CVE-2026-49203 HIGH 7.2 Connect M6e 5g Portable Wifi Router — Crucial management API endpoints for cellular eSIM allocation do not validate caller authorization, allowing r… 2026-06-04 CVE-2026-49204 MEDIUM 6.9 Connect M6e 5g Portable Wifi Router — Leftover debug modules contain fixed credentials for internal AWS Cognito test sandboxes, risking asset exploi… 2026-06-04 CVE-2026-50205 HIGH 8.8 Connect M6e 5g Portable Wifi Router — System log files output unencrypted SMTP server authentication passwords alongside sensitive employee corporat… 2026-06-04 CVE-2026-50206 HIGH 8.5 Connect M6e 5g Portable Wifi Router — Incoming VPN network profile settings fail to process special characters safely, enabling command injection vi… 2026-06-04 CVE-2026-50207 HIGH 8.5 Connect M6e 5g Portable Wifi Router — The system Binder boundary accepts unverified pass-through AT commands, giving local applications the power to… 2026-06-04 CVE-2026-50208 CRITICAL 9.2 Connect M6e 5g Portable Wifi Router — High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-coded DES sym… 2026-06-04 CVE-2026-50209 CRITICAL 9.3 Connect M6e 5g Portable Wifi Router — Broadcast events allow malicious software to rewrite the device's default Mobile Device Management (MDM) endpo… 2026-06-04 CVE-2026-50210 MEDIUM 6.9 Connect M6e 5g Portable Wifi Router — The device encrypts data using AES-CBC with static zero-filled Initialization Vectors (IVs), making it suscept… 2026-06-04 CVE-2026-50211 HIGH 8.8 Connect M6e 5g Portable Wifi Router — Leftover engineering diagnostics and factory-level diagnostic software remain exposed on retail builds, giving… 2026-06-04 CVE-2026-50212 HIGH 7.1 Connect M6e 5g Portable Wifi Router — Weak validation logic within device dissociation API routines allows a remote entity to forcefully unbind unre… 2026-06-04 CVE-2026-50213 HIGH 8.7 Connect M6e 5g Portable Wifi Router — The account validation endpoint /v1/User/validate returns comprehensive user profile data sheets, which can be… 2026-06-04 CVE-2026-50214 CRITICAL 9.3 Connect M6e 5g Portable Wifi Router — The /v1/Plan service relies entirely on a shared global API token for full administrative management, allowing… 2026-06-04 CVE-2026-50224 MEDIUM 6.9 Connect M6e 5g Portable Wifi Router — The web administration panel binds broadly to the public IPv6 address space on port [::]:8080 without default … 2026-06-04 CVE-2026-50225 HIGH 8.8 Connect M6e 5g Portable Wifi Router — The registration path /v1/account/register provides no bot mitigation mechanisms, allowing malicious automated… 2026-06-04 CVE-2026-50226 MEDIUM 6.9 Connect M6e 5g Portable Wifi Router — Fixed AES-128-CBC keys inside the AcerConnect OTA application let attackers forge authorization credentials fo… 2026-06-04 CVE-2026-49195 HIGH 8.7 Predator Connect W6x — Unauthenticated Debug Service. The /sbin/mtk_dut binary is exposed on TCP port 9000 without authentication, al… 2026-05-29 CVE-2026-49196 HIGH 8.6 Predator Connect W6x — The Wi-Fi device blocking feature fails to sanitize MAC address input, allowing injection and execution of arb… 2026-05-29 CVE-2026-49197 CRITICAL 10 Predator Connect W6x — Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to … 2026-05-29 CVE-2026-49198 HIGH 8.3 Predator Connect W6x — Improper access control in the MQTT broker allows wildcard topic subscriptions, exposing all MQTT traffic to u… 2026-05-29 CVE-2026-49199 CRITICAL 10 Predator Connect W6x — Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target devi… 2026-05-29 CVE-2026-49200 CRITICAL 10 Wave 7 Router — The acer_cgi.log file in the device firmware is accessible without authentication via the web interface. This … 2026-05-29 CVE-2026-49201 CRITICAL 10 Wave 7 Router — The upload.cgi binary, responsible for processing device backups, contains a hardcoded AES encryption key. Thi… 2026-05-29 CVE-2026-9789 HIGH 8.5 Nitrorsense V3 — A Local Privilege Escalation (LPE) vulnerability affects Acer NitroSense software versions prior to 3.01.3052.… 2026-05-28 CVE-2026-9489 HIGH 8.5 Nitrorsense V3 — NitroSense 3.x before 3.01.3052 contains Local Privilege Escalation (LPE) vulnerability.The program exposes a … 2026-05-25 CVE-2026-9490 MEDIUM 6.8 Care Center — A security vulnerability has been identified in Acer Care Center where the ACCSvc service creates a Named Pipe… 2026-05-25