Description
The local MQTT broker does not enforce topic-level Access Control Lists (ACLs). This allows any client to subscribe using wildcard characters (# or +) to enumerate hidden network devices or publish rogue control commands.
Published: 2026-06-04
Score: 8.6 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An MQTT broker that runs on the Acer Connect M6E 5G Portable WiFi Router does not enforce topic-level access control lists, allowing any client to subscribe to topics using wildcard characters. This flaw enables attackers to enumerate hidden network devices and to publish rogue control commands that can alter configuration or disrupt service. The security consequence is a loss of confidentiality and control over connected devices, potentially leading to denial of service or unauthorized configuration changes.

Affected Systems

Acer Connect M6E 5G Portable WiFi Router is affected. Specific firmware version information is not listed, so all currently deployed units running the bundled local MQTT broker are considered vulnerable until a later firmware update is applied.

Risk and Exploitability

The CVSS score of 8.6 indicates a high severity flaw. No EPSS score is available, and the vulnerability is not listed in CISA’s KEV catalog. The attack vector is inferred to be local network; any client that can reach the broker on the internal network can exploit the weakness by subscribing with wildcards or publishing commands. Because ACL enforcement is absent, the attacker can obtain broad access to topic data and issue control messages, making this a significant risk for network integrity and availability.

Generated by OpenCVE AI on June 4, 2026 at 05:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the router firmware to the latest version that includes enforcement of MQTT topic ACLs
  • Configure the broker to require explicit ACL entries for each topic and reject wildcard subscriptions unless explicitly permitted
  • Restrict access to the MQTT broker to trusted clients only, disabling it or requiring secure authentication when the service is not needed
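The second and third actions above describe what a topic ACL has to do: every subscribe and publish is checked against an explicit per-client grant, and a filter containing # or + is accepted only when a grant explicitly covers it. The following is an added example of that default-deny check, not code from the advisory, from Acer or from any particular broker; the client ids, topic names and ACL table are constructed for illustration.

```python
"""Default-deny topic ACL check for an MQTT broker (added example, hypothetical identifiers).

Every SUBSCRIBE and PUBLISH is checked against a per-client ACL table before the
broker acts on it.  A subscription filter containing '#' or '+' is accepted only
when an ACL entry with read permission explicitly covers that filter, so a client
cannot use wildcards to enumerate topics it was never granted.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class AclEntry:
    topic_filter: str    # literal topic or filter, e.g. "devices/cam01/#"
    read: bool = False   # may subscribe to / receive messages matching the filter
    write: bool = False  # may publish to topics matching the filter


# Constructed sample ACL table keyed by authenticated client id (hypothetical names).
ACL = {
    "cam01": [
        AclEntry("devices/cam01/status", write=True),   # reports its own status only
        AclEntry("devices/cam01/cmd", read=True),       # receives its own commands only
    ],
    "admin-console": [AclEntry("devices/#", read=True, write=True)],  # explicit wildcard grant
    "guest-app": [AclEntry("public/announcements", read=True)],
}

WILDCARDS = ("#", "+")


def topic_matches(topic_filter: str, topic: str) -> bool:
    """MQTT 3.1.1 filter matching: '+' matches one level, '#' the rest (last level only).
    Filters starting with a wildcard never match '$'-prefixed system topics."""
    f_levels = topic_filter.split("/")
    t_levels = topic.split("/")
    if topic.startswith("$") and f_levels[0] in WILDCARDS:
        return False
    for i, level in enumerate(f_levels):
        if level == "#":
            return i == len(f_levels) - 1
        if i >= len(t_levels):
            return False
        if level != "+" and level != t_levels[i]:
            return False
    return len(f_levels) == len(t_levels)


def filter_covered(acl_filter: str, requested: str) -> bool:
    """True if every topic the requested filter could match is also matched by acl_filter."""
    a_levels = acl_filter.split("/")
    r_levels = requested.split("/")
    for i, a in enumerate(a_levels):
        if a == "#":
            return i == len(a_levels) - 1
        if i >= len(r_levels):
            return False
        r = r_levels[i]
        if r == "#":
            return False          # request is broader than the grant
        if a == "+":
            continue              # grant covers '+' or any single literal at this level
        if r != a:
            return False          # a literal grant never covers '+' or a different literal
    return len(a_levels) == len(r_levels)


def authorize(client_id: str, action: str, topic: str) -> bool:
    """Return True only if an ACL entry for client_id explicitly permits the action."""
    if action == "publish" and any(w in topic for w in WILDCARDS):
        return False  # the protocol forbids wildcards in a published topic name
    for entry in ACL.get(client_id, []):
        if action == "subscribe" and entry.read and filter_covered(entry.topic_filter, topic):
            return True
        if action == "publish" and entry.write and topic_matches(entry.topic_filter, topic):
            return True
    return False  # default deny, including unknown clients and empty ACLs


def audit(requests):
    """Evaluate (client, action, topic) requests; return the denied ones for logging/alerting."""
    return [req for req in requests if not authorize(*req)]


if __name__ == "__main__":
    # Constructed requests: the first two are the wildcard-enumeration and rogue-command
    # attempts the advisory describes; the rest are legitimate traffic.
    sample = [
        ("guest-app", "subscribe", "#"),
        ("guest-app", "publish", "devices/cam01/cmd"),
        ("cam01", "publish", "devices/cam01/status"),
        ("admin-console", "subscribe", "devices/+/status"),
    ]
    for req in audit(sample):
        print("DENY", *req)
```

The two matching functions are deliberately separate: `topic_matches` answers "does this published topic fall under a grant", while `filter_covered` answers "is this requested filter no broader than a grant", which is what prevents a bare `#` or `devices/+/cmd` subscription from slipping through a literal entry. Denied requests are returned rather than silently dropped so they can be logged; repeated wildcard subscribe denials from one client are a useful detection signal for the enumeration behaviour described above.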



Advisories

No advisories yet.

History

Thu, 04 Jun 2026 04:00:00 +0000

Type         Values Removed   Values Added
Description                   The local MQTT broker does not enforce topic-level Access Control Lists (ACLs). This allows any client to subscribe using wildcard characters (# or +) to enumerate hidden network devices or publish rogue control commands.
Title                         Lack of MQTT Broker Topic Access Control Lists
Weaknesses                    CWE-287
References
Metrics                       cvssV4_0
                              {'score': 8.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: Acer

Published:

Updated: 2026-06-04T03:36:59.864Z

Reserved: 2026-05-28T02:46:15.560Z

Link: CVE-2026-49186

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-04T04:17:15.550

Modified: 2026-06-04T04:17:15.550

Link: CVE-2026-49186

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-04T05:30:06Z

Weaknesses