Product
acer connect m6e 5g firmware
22 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-50213
CVE-2026-50212
CVE-2026-50211
CVE-2026-50210
CVE-2026-50209
CVE-2026-50208
CVE-2026-50207
CVE-2026-50206
CVE-2026-50205
CVE-2026-49204
CVE-2026-49203
CVE-2026-49202
CVE-2026-49194
CVE-2026-49193
CVE-2026-49192
CVE-2026-49191
CVE-2026-49190
CVE-2026-49189
CVE-2026-49188
CVE-2026-49187
CVE-2026-49186
CVE-2026-49185
<= m6e_ai_1.00.000019
The account validation endpoint /v1/User/validate returns comprehensive user profile data sheets, which can be crawled by iterat
<= m6e_ai_1.00.000019
Weak validation logic within device dissociation API routines allows a remote entity to forcefully unbind unrelated user endpoints
<= m6e_ai_1.00.000019
Leftover engineering diagnostics and factory-level diagnostic software remain exposed on retail builds, giving malicious apps writ
<= m6e_ai_1.00.000019
The device encrypts data using AES-CBC with static zero-filled Initialization Vectors (IVs), making it susceptible to replay attac
<= m6e_ai_1.00.000019
Broadcast events allow malicious software to rewrite the device's default Mobile Device Management (MDM) endpoint address, shiftin
<= m6e_ai_1.00.000019
High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-coded DES symmetric encryption
<= m6e_ai_1.00.000019
The system Binder boundary accepts unverified pass-through AT commands, giving local applications the power to read baseband files
<= m6e_ai_1.00.000019
Incoming VPN network profile settings fail to process special characters safely, enabling command injection via malicious config f
<= m6e_ai_1.00.000019
System log files output unencrypted SMTP server authentication passwords alongside sensitive employee corporate identification dat
<= m6e_ai_1.00.000019
Leftover debug modules contain fixed credentials for internal AWS Cognito test sandboxes, risking asset exploitation.
<= m6e_ai_1.00.000019
Crucial management API endpoints for cellular eSIM allocation do not validate caller authorization, allowing remote profiles to be
<= m6e_ai_1.00.000019
Internal multimedia session archives are accessible without authentication, exacerbated by loose Cross-Origin Resource Sharing (CO
<= m6e_ai_1.00.000019
The debugging routine SCREEN_CLICK(5053) enables a connection to skip the standard device login prompt entirely and directly ent
<= m6e_ai_1.00.000019
Overly permissive configuration settings on cloud storage containers expose active telemetry information publicly to the internet.
<= m6e_ai_1.00.000019
The summary service endpoint suffers from an IDOR vulnerability where it fails to verify user ownership of hardware serial numbers
<= m6e_ai_1.00.000019
The production build of the M3WebServer hard-codes its backend API keys, which can be easily intercepted through verbose error han
<= m6e_ai_1.00.000019
The system fails to evaluate instructional permissions over multiple internal operation codes (opcodes), permitting unauthorized a
<= m6e_ai_1.00.000019
Unchecked public access permissions on a core Broadcast Receiver allow unauthorized local software components to invoke administra
<= m6e_ai_1.00.000019
The ai_cmd utility executes with full root permissions. It pipes socket inputs directly to popen(), paving the way for unauthen
<= m6e_ai_1.00.000019
The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misuse.
<= m6e_ai_1.00.000019
The local MQTT broker does not enforce topic-level Access Control Lists (ACLs). This allows any client to subscribe using wildcard
<= m6e_ai_1.00.000019
The FieldX MDM adb messaging topic passes unverified payloads directly into Runtime.exec(), allowing command/instruction injectio