Description
The ai_cmd utility executes with full root permissions. It pipes socket inputs directly to popen(), paving the way for unauthenticated users to execute arbitrary root commands.
Published: 2026-06-04
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The ai_cmd utility executes with full root permissions and directly forwards socket input to popen(), enabling unauthenticated users to run arbitrary commands with root authority. This allows attackers to obtain complete control of the router, modify network configuration, exfiltrate data, or pivot to other devices on the network. The weakness is a classic privilege‑escalation scenario arising from improper handling of privileged sockets, documented as CWE-489.

Affected Systems

Acer Connect M6E 5G Portable WiFi Router. No specific firmware or hardware revision numbers are listed in the advisory, so any unit running the unpatched ai_cmd binary is potentially vulnerable.

Risk and Exploitability

The CVSS score of 8.7 indicates high severity. EPSS is not available, so the probability of exploitation cannot be quantified, but the vulnerability is not listed in CISA’s KEV catalog, suggesting it has not yet been widely exploited publicly. Based on the description, the likely attack vector is an unauthenticated network connection to the ai_cmd socket service, which does not require prior authentication or special privileges.

Generated by OpenCVE AI on June 4, 2026 at 06:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the router to the latest firmware released by Acer that contains the ai_cmd fix.
  • Restrict access to the ai_cmd socket by configuring firewall rules to allow connections only from trusted local devices.
  • If an update is not available, disable or remove the ai_cmd service and binary to eliminate the privileged execution path.

Generated by OpenCVE AI on June 4, 2026 at 06:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Acer connect M6e 5g Portable Wifi Router
Vendors & Products Acer connect M6e 5g Portable Wifi Router

Thu, 04 Jun 2026 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Acer
Acer connect M6e 5g
Acer connect M6e 5g Firmware
CPEs cpe:2.3:h:acer:connect_m6e_5g:-:*:*:*:*:*:*:*
cpe:2.3:o:acer:connect_m6e_5g_firmware:*:*:*:*:*:*:*:*
Vendors & Products Acer
Acer connect M6e 5g
Acer connect M6e 5g Firmware
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Thu, 04 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 04 Jun 2026 05:30:00 +0000

Type Values Removed Values Added
Description The ai_cmd utility executes with full root permissions. It pipes socket inputs directly to popen(), paving the way for unauthenticated users to execute arbitrary root commands.
Title Elevated Root Command Execution via ai_cmd Sockets
Weaknesses CWE-489
References
Metrics cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Acer Connect M6e 5g Connect M6e 5g Firmware Connect M6e 5g Portable Wifi Router
cve-icon MITRE

Status: PUBLISHED

Assigner: Acer

Published:

Updated: 2026-06-04T12:36:02.610Z

Reserved: 2026-05-28T02:46:15.560Z

Link: CVE-2026-49188

cve-icon Vulnrichment

Updated: 2026-06-04T12:35:58.378Z

cve-icon NVD

Status : Analyzed

Published: 2026-06-04T06:16:24.583

Modified: 2026-06-04T19:40:45.817

Link: CVE-2026-49188

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-05T10:09:15Z

Weaknesses