Total: 22 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-49186 | 1 Acer | 2 Connect M6e 5g, Connect M6e 5g Firmware | 2026-06-04 | N/A | 9.8 CRITICAL |
| The local MQTT broker does not enforce topic-level Access Control Lists (ACLs). This allows any client to subscribe using wildcard characters (# or +) to enumerate hidden network devices or publish rogue control commands. | |||||
| CVE-2026-49185 | 1 Acer | 2 Connect M6e 5g, Connect M6e 5g Firmware | 2026-06-04 | N/A | 9.8 CRITICAL |
| The FieldX MDM adb messaging topic passes unverified payloads directly into Runtime.exec(), allowing command/instruction injection. | |||||
| CVE-2026-49187 | 1 Acer | 2 Connect M6e 5g, Connect M6e 5g Firmware | 2026-06-04 | N/A | 7.5 HIGH |
| The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misuse. | |||||
| CVE-2026-49188 | 1 Acer | 2 Connect M6e 5g, Connect M6e 5g Firmware | 2026-06-04 | N/A | 9.8 CRITICAL |
| The ai_cmd utility executes with full root permissions. It pipes socket inputs directly to popen(), paving the way for unauthenticated users to execute arbitrary root commands. | |||||
| CVE-2026-49189 | 1 Acer | 2 Connect M6e 5g, Connect M6e 5g Firmware | 2026-06-04 | N/A | 7.8 HIGH |
| Unchecked public access permissions on a core Broadcast Receiver allow unauthorized local software components to invoke administrative operations. | |||||
| CVE-2026-49190 | 1 Acer | 2 Connect M6e 5g, Connect M6e 5g Firmware | 2026-06-04 | N/A | 8.8 HIGH |
| The system fails to check permissions for multiple internal operation codes (opcodes), permitting unauthorized application installations or command executions. | |||||
| CVE-2026-49191 | 1 Acer | 2 Connect M6e 5g, Connect M6e 5g Firmware | 2026-06-04 | N/A | 9.8 CRITICAL |
| The production build of the M3WebServer hard-codes its backend API keys, which can be easily intercepted through verbose error handling pages. | |||||
| CVE-2026-49192 | 1 Acer | 2 Connect M6e 5g, Connect M6e 5g Firmware | 2026-06-04 | N/A | 5.4 MEDIUM |
| The summary service endpoint suffers from an IDOR vulnerability where it fails to verify user ownership of hardware serial numbers, exposing device data to scraping. | |||||
| CVE-2026-49193 | 1 Acer | 2 Connect M6e 5g, Connect M6e 5g Firmware | 2026-06-04 | N/A | 7.5 HIGH |
| Overly permissive configuration settings on cloud storage containers expose active telemetry information publicly to the internet. | |||||
| CVE-2026-49194 | 1 Acer | 2 Connect M6e 5g, Connect M6e 5g Firmware | 2026-06-04 | N/A | 8.8 HIGH |
| The debugging routine SCREEN_CLICK(5053) enables a connection to skip the standard device login prompt entirely and directly enter an interactive shell interface. | |||||
| CVE-2026-49202 | 1 Acer | 2 Connect M6e 5g, Connect M6e 5g Firmware | 2026-06-04 | N/A | 8.6 HIGH |
| Internal multimedia session archives are accessible without authentication, exacerbated by loose Cross-Origin Resource Sharing (CORS) rules that allow cross-site theft. | |||||
| CVE-2026-49203 | 1 Acer | 2 Connect M6e 5g, Connect M6e 5g Firmware | 2026-06-04 | N/A | 8.3 HIGH |
| Crucial management API endpoints for cellular eSIM allocation do not validate caller authorization, allowing remote profiles to be rewritten or deleted. | |||||
| CVE-2026-49204 | 1 Acer | 2 Connect M6e 5g, Connect M6e 5g Firmware | 2026-06-04 | N/A | 6.5 MEDIUM |
| Leftover debug modules contain fixed credentials for internal AWS Cognito test sandboxes, risking asset exploitation. | |||||
| CVE-2026-50205 | 1 Acer | 2 Connect M6e 5g, Connect M6e 5g Firmware | 2026-06-04 | N/A | 8.2 HIGH |
| System log files output unencrypted SMTP server authentication passwords alongside sensitive employee corporate identification data. | |||||
| CVE-2026-50206 | 1 Acer | 2 Connect M6e 5g, Connect M6e 5g Firmware | 2026-06-04 | N/A | 6.8 MEDIUM |
| Incoming VPN network profile settings fail to process special characters safely, enabling command injection via malicious config files. | |||||
| CVE-2026-50207 | 1 Acer | 2 Connect M6e 5g, Connect M6e 5g Firmware | 2026-06-04 | N/A | 7.8 HIGH |
| The system Binder boundary accepts unverified pass-through AT commands, giving local applications the power to read baseband files or disable cellular connectivity. | |||||
| CVE-2026-50208 | 1 Acer | 2 Connect M6e 5g, Connect M6e 5g Firmware | 2026-06-04 | N/A | 9.4 CRITICAL |
| High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-coded DES symmetric encryption keys, a Man-in-the-Middle (MITM) actor could decrypt network traffic. | |||||
| CVE-2026-50209 | 1 Acer | 2 Connect M6e 5g, Connect M6e 5g Firmware | 2026-06-04 | N/A | 7.8 HIGH |
| Broadcast events allow malicious software to rewrite the device's default Mobile Device Management (MDM) endpoint address, shifting administrative ownership to an external attacker. | |||||
| CVE-2026-50211 | 1 Acer | 2 Connect M6e 5g, Connect M6e 5g Firmware | 2026-06-04 | N/A | 9.8 CRITICAL |
| Leftover engineering diagnostics and factory-level diagnostic software remain exposed on retail builds, giving malicious apps write privileges to internal NVRAM registers. | |||||
| CVE-2026-50210 | 1 Acer | 2 Connect M6e 5g, Connect M6e 5g Firmware | 2026-06-04 | N/A | 7.5 HIGH |
| The device encrypts data using AES-CBC with static zero-filled Initialization Vectors (IVs), making it susceptible to replay attacks and known-plaintext decryption. | |||||
