Export limit exceeded: 35533 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (63 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-50224 | 1 Acer | 3 Connect M6e 5g, Connect M6e 5g Firmware, Connect M6e 5g Portable Wifi Router | 2026-06-08 | 4.9 Medium |
| The web administration panel binds broadly to the public IPv6 address space on port [::]:8080 without default firewall limits, making internal API endpoints reachable over the WAN. | ||||
| CVE-2026-50225 | 1 Acer | 3 Connect M6e 5g, Connect M6e 5g Firmware, Connect M6e 5g Portable Wifi Router | 2026-06-08 | 9.1 Critical |
| The registration path /v1/account/register provides no bot mitigation mechanisms, allowing malicious automated systems to flood the database. | ||||
| CVE-2026-50226 | 1 Acer | 3 Connect M6e 5g, Connect M6e 5g Firmware, Connect M6e 5g Portable Wifi Router | 2026-06-08 | 5.3 Medium |
| Fixed AES-128-CBC keys inside the AcerConnect OTA application let attackers forge authorization credentials for arbitrary IMEI numbers. This allows unauthorized actors to list catalog items and extract protected binaries from pre-signed cloud links. | ||||
| CVE-2026-50214 | 1 Acer | 3 Connect M6e 5g, Connect M6e 5g Firmware, Connect M6e 5g Portable Wifi Router | 2026-06-08 | 9.8 Critical |
| The /v1/Plan service relies entirely on a shared global API token for full administrative management, allowing arbitrary creation of zero-cost network access plans. | ||||
| CVE-2026-49201 | 1 Acer | 3 Wave 7, Wave 7 Firmware, Wave 7 Router | 2026-06-08 | 9.8 Critical |
| The upload.cgi binary, responsible for processing device backups, contains a hardcoded AES encryption key. This allows an attacker to decrypt, modify, and re-encrypt system backups, facilitating persistent backdoor injection. | ||||
| CVE-2026-49198 | 1 Acer | 2 Predator Connect W6x, Predator Connect W6x Firmware | 2026-06-08 | 4.9 Medium |
| Improper access control in the MQTT broker allows wildcard topic subscriptions, exposing all MQTT traffic to unauthorized actors. | ||||
| CVE-2026-49197 | 1 Acer | 2 Predator Connect W6x, Predator Connect W6x Firmware | 2026-06-08 | 9.8 Critical |
| Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests when Base64 decoding fails. | ||||
| CVE-2026-49196 | 1 Acer | 2 Predator Connect W6x, Predator Connect W6x Firmware | 2026-06-08 | 7.2 High |
| The Wi-Fi device blocking feature fails to sanitize MAC address input, allowing injection and execution of arbitrary shell commands. | ||||
| CVE-2026-49195 | 1 Acer | 2 Predator Connect W6x, Predator Connect W6x Firmware | 2026-06-08 | 8.8 High |
| Unauthenticated Debug Service. The /sbin/mtk_dut binary is exposed on TCP port 9000 without authentication, allowing any LAN-based attacker to execute arbitrary UCC commands. | ||||
| CVE-2026-49200 | 1 Acer | 3 Wave 7, Wave 7 Firmware, Wave 7 Router | 2026-06-08 | 9.8 Critical |
| The acer_cgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials (for web and Telnet), leading to unauthorized system access. | ||||
| CVE-2026-49185 | 1 Acer | 3 Connect M6e 5g, Connect M6e 5g Firmware, Connect M6e 5g Portable Wifi Router | 2026-06-05 | 9.8 Critical |
| The FieldX MDM adb messaging topic passes unverified payloads directly into Runtime.exec(), allowing command/instruction injection. | ||||
| CVE-2026-49186 | 1 Acer | 3 Connect M6e 5g, Connect M6e 5g Firmware, Connect M6e 5g Portable Wifi Router | 2026-06-05 | 9.8 Critical |
| The local MQTT broker does not enforce topic-level Access Control Lists (ACLs). This allows any client to subscribe using wildcard characters (# or +) to enumerate hidden network devices or publish rogue control commands. | ||||
| CVE-2026-49187 | 1 Acer | 3 Connect M6e 5g, Connect M6e 5g Firmware, Connect M6e 5g Portable Wifi Router | 2026-06-05 | 7.5 High |
| The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misuse. | ||||
| CVE-2026-49188 | 1 Acer | 3 Connect M6e 5g, Connect M6e 5g Firmware, Connect M6e 5g Portable Wifi Router | 2026-06-05 | 9.8 Critical |
| The ai_cmd utility executes with full root permissions. It pipes socket inputs directly to popen(), paving the way for unauthenticated users to execute arbitrary root commands. | ||||
| CVE-2026-49189 | 1 Acer | 3 Connect M6e 5g, Connect M6e 5g Firmware, Connect M6e 5g Portable Wifi Router | 2026-06-05 | 7.8 High |
| Unchecked public access permissions on a core Broadcast Receiver allow unauthorized local software components to invoke administrative operations. | ||||
| CVE-2026-49190 | 1 Acer | 3 Connect M6e 5g, Connect M6e 5g Firmware, Connect M6e 5g Portable Wifi Router | 2026-06-05 | 8.8 High |
| The system fails to evaluate instructional permissions over multiple internal operation codes (opcodes), permitting unauthorized application installations or command executions. | ||||
| CVE-2026-49191 | 1 Acer | 3 Connect M6e 5g, Connect M6e 5g Firmware, Connect M6e 5g Portable Wifi Router | 2026-06-05 | 9.8 Critical |
| The production build of the M3WebServer hard-codes its backend API keys, which can be easily intercepted through verbose error handling pages. | ||||
| CVE-2026-49192 | 1 Acer | 3 Connect M6e 5g, Connect M6e 5g Firmware, Connect M6e 5g Portable Wifi Router | 2026-06-05 | 5.4 Medium |
| The summary service endpoint suffers from an IDOR vulnerability where it fails to verify user ownership of hardware serial numbers, exposing device data to scraping. | ||||
| CVE-2026-49193 | 1 Acer | 3 Connect M6e 5g, Connect M6e 5g Firmware, Connect M6e 5g Portable Wifi Router | 2026-06-05 | 7.5 High |
| Overly permissive configuration settings on cloud storage containers expose active telemetry information publicly to the internet. | ||||
| CVE-2026-49194 | 1 Acer | 3 Connect M6e 5g, Connect M6e 5g Firmware, Connect M6e 5g Portable Wifi Router | 2026-06-05 | 8.8 High |
| The debugging routine SCREEN_CLICK(5053) enables a connection to skip the standard device login prompt entirely and directly enter an interactive shell interface. | ||||