Acer
36 CVEsCVE IDSeverityProduct / summaryPublished
CVE-2026-49185
CRITICAL 10
Connect M6e 5g Portable Wifi Router — The FieldX MDM adb messaging topic passes unverified payloads directly into Runtime.exec(), allowing command/i…
2026-06-04
CVE-2026-49186
HIGH 8.6
Connect M6e 5g Portable Wifi Router — The local MQTT broker does not enforce topic-level Access Control Lists (ACLs). This allows any client to subs…
2026-06-04
CVE-2026-49187
HIGH 8.7
Connect M6e 5g Portable Wifi Router — The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potentia…
2026-06-04
CVE-2026-49188
HIGH 8.7
Connect M6e 5g Portable Wifi Router — The ai_cmd utility executes with full root permissions. It pipes socket inputs directly to popen(), paving the…
2026-06-04
CVE-2026-49189
HIGH 8.5
Connect M6e 5g Portable Wifi Router — Unchecked public access permissions on a core Broadcast Receiver allow unauthorized local software components …
2026-06-04
CVE-2026-49190
CRITICAL 9.4
Connect M6e 5g Portable Wifi Router — The system fails to evaluate instructional permissions over multiple internal operation codes (opcodes), permi…
2026-06-04
CVE-2026-49191
CRITICAL 9.3
Connect M6e 5g Portable Wifi Router — The production build of the M3WebServer hard-codes its backend API keys, which can be easily intercepted throu…
2026-06-04
CVE-2026-49192
MEDIUM 5.3
Connect M6e 5g Portable Wifi Router — The summary service endpoint suffers from an IDOR vulnerability where it fails to verify user ownership of har…
2026-06-04
CVE-2026-49193
HIGH 8.7
Connect M6e 5g Portable Wifi Router — Overly permissive configuration settings on cloud storage containers expose active telemetry information publi…
2026-06-04
CVE-2026-49194
CRITICAL 9.4
Connect M6e 5g Portable Wifi Router — The debugging routine SCREEN_CLICK(5053) enables a connection to skip the standard device login prompt entirel…
2026-06-04
CVE-2026-49202
HIGH 8.8
Connect M6e 5g Portable Wifi Router — Internal multimedia session archives are accessible without authentication, exacerbated by loose Cross-Origin …
2026-06-04
CVE-2026-49203
HIGH 7.2
Connect M6e 5g Portable Wifi Router — Crucial management API endpoints for cellular eSIM allocation do not validate caller authorization, allowing r…
2026-06-04
CVE-2026-49204
MEDIUM 6.9
Connect M6e 5g Portable Wifi Router — Leftover debug modules contain fixed credentials for internal AWS Cognito test sandboxes, risking asset exploi…
2026-06-04
CVE-2026-50205
HIGH 8.8
Connect M6e 5g Portable Wifi Router — System log files output unencrypted SMTP server authentication passwords alongside sensitive employee corporat…
2026-06-04
CVE-2026-50206
HIGH 8.5
Connect M6e 5g Portable Wifi Router — Incoming VPN network profile settings fail to process special characters safely, enabling command injection vi…
2026-06-04
CVE-2026-50207
HIGH 8.5
Connect M6e 5g Portable Wifi Router — The system Binder boundary accepts unverified pass-through AT commands, giving local applications the power to…
2026-06-04
CVE-2026-50208
CRITICAL 9.2
Connect M6e 5g Portable Wifi Router — High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-coded DES sym…
2026-06-04
CVE-2026-50209
CRITICAL 9.3
Connect M6e 5g Portable Wifi Router — Broadcast events allow malicious software to rewrite the device's default Mobile Device Management (MDM) endpo…
2026-06-04
CVE-2026-50210
MEDIUM 6.9
Connect M6e 5g Portable Wifi Router — The device encrypts data using AES-CBC with static zero-filled Initialization Vectors (IVs), making it suscept…
2026-06-04
CVE-2026-50211
HIGH 8.8
Connect M6e 5g Portable Wifi Router — Leftover engineering diagnostics and factory-level diagnostic software remain exposed on retail builds, giving…
2026-06-04
CVE-2026-50212
HIGH 7.1
Connect M6e 5g Portable Wifi Router — Weak validation logic within device dissociation API routines allows a remote entity to forcefully unbind unre…
2026-06-04
CVE-2026-50213
HIGH 8.7
Connect M6e 5g Portable Wifi Router — The account validation endpoint /v1/User/validate returns comprehensive user profile data sheets, which can be…
2026-06-04
CVE-2026-50214
CRITICAL 9.3
Connect M6e 5g Portable Wifi Router — The /v1/Plan service relies entirely on a shared global API token for full administrative management, allowing…
2026-06-04
CVE-2026-50224
MEDIUM 6.9
Connect M6e 5g Portable Wifi Router — The web administration panel binds broadly to the public IPv6 address space on port [::]:8080 without default …
2026-06-04
CVE-2026-50225
HIGH 8.8
Connect M6e 5g Portable Wifi Router — The registration path /v1/account/register provides no bot mitigation mechanisms, allowing malicious automated…
2026-06-04
CVE-2026-50226
MEDIUM 6.9
Connect M6e 5g Portable Wifi Router — Fixed AES-128-CBC keys inside the AcerConnect OTA application let attackers forge authorization credentials fo…
2026-06-04
CVE-2026-49195
HIGH 8.7
Predator Connect W6x — Unauthenticated Debug Service. The /sbin/mtk_dut binary is exposed on TCP port 9000 without authentication, al…
2026-05-29
CVE-2026-49196
HIGH 8.6
Predator Connect W6x — The Wi-Fi device blocking feature fails to sanitize MAC address input, allowing injection and execution of arb…
2026-05-29
CVE-2026-49197
CRITICAL 10
Predator Connect W6x — Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to …
2026-05-29
CVE-2026-49198
HIGH 8.3
Predator Connect W6x — Improper access control in the MQTT broker allows wildcard topic subscriptions, exposing all MQTT traffic to u…
2026-05-29
CVE-2026-49199
CRITICAL 10
Predator Connect W6x — Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target devi…
2026-05-29
CVE-2026-49200
CRITICAL 10
Wave 7 Router — The acer_cgi.log file in the device firmware is accessible without authentication via the web interface. This …
2026-05-29
CVE-2026-49201
CRITICAL 10
Wave 7 Router — The upload.cgi binary, responsible for processing device backups, contains a hardcoded AES encryption key. Thi…
2026-05-29
CVE-2026-9789
HIGH 8.5
Nitrorsense V3 — A Local Privilege Escalation (LPE) vulnerability affects Acer NitroSense software versions prior to 3.01.3052.…
2026-05-28
CVE-2026-9489
HIGH 8.5
Nitrorsense V3 — NitroSense 3.x before 3.01.3052 contains Local Privilege Escalation (LPE) vulnerability.The program exposes a …
2026-05-25
CVE-2026-9490
MEDIUM 6.8
Care Center — A security vulnerability has been identified in Acer Care Center where the ACCSvc service creates a Named Pipe…
2026-05-25