Impact
The ai_cmd utility executes with full root permissions and directly forwards socket input to popen(), enabling unauthenticated users to run arbitrary commands with root authority. This allows attackers to obtain complete control of the router, modify network configuration, exfiltrate data, or pivot to other devices on the network. The weakness is a classic privilege-escalation scenario arising from improper handling of privileged sockets, documented as CWE-489.
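The popen()-on-socket-input pattern described above, set against a hardened dispatcher, as an added C example that is hypothetical and not the Acer ai_cmd source: each request is matched against a fixed allowlist and run with execv(), so no client-supplied bytes ever reach a shell. The keywords, program paths and the 32-byte request limit are assumptions for illustration.

```c
#include <ctype.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>
/* Allowlist: each keyword maps to a fixed argv; clients supply no arguments. */
struct op { const char *name; char *const argv[4]; };
static const struct op ALLOWED[] = {
    { "uptime",     { "/usr/bin/uptime", NULL } },       /* assumed path */
    { "wan-status", { "/sbin/ip", "-br", "link", NULL } }, /* assumed path */
};

/* Copy one request line from the raw socket buffer into out. Returns 0 only if
 * it is non-empty, fits, and is all [a-z0-9-]; anything else returns -1. */
int parse_request(const char *raw, char *out, size_t outlen) {
    size_t n = 0;
    for (; raw[n] != '\0' && raw[n] != '\n'; n++) {
        unsigned char c = (unsigned char)raw[n];
        if (n + 1 >= outlen) return -1;
        if (!(islower(c) || isdigit(c) || c == '-')) return -1;
        out[n] = (char)c;
    }
    if (n == 0) return -1;
    out[n] = '\0';
    return 0;
}
/* Validate a raw request and resolve it to an allowlist index, or -1. */
int resolve_request(const char *raw) {
    char kw[32];
    if (parse_request(raw, kw, sizeof kw) < 0) return -1;
    for (size_t i = 0; i < sizeof ALLOWED / sizeof ALLOWED[0]; i++)
        if (strcmp(kw, ALLOWED[i].name) == 0) return (int)i;
    return -1;
}

/* Replacement for popen(raw, "r"): execv the fixed argv with stdout on the
 * client socket. Returns the child's exit status, or -1 if rejected/failed. */
int handle_request(const char *raw, int client_fd) {
    int idx = resolve_request(raw), status;
    if (idx < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        dup2(client_fd, STDOUT_FILENO);
        execv(ALLOWED[idx].argv[0], ALLOWED[idx].argv);
        _exit(127); /* exec failed; never fall back to a shell */
    }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```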
Affected Systems
Acer Connect M6E 5G Portable WiFi Router. No specific firmware or hardware revision numbers are listed in the advisory, so any unit running the unpatched ai_cmd binary is potentially vulnerable.
Risk and Exploitability
The CVSS score of 8.7 indicates high severity. EPSS is not available, so the probability of exploitation cannot be quantified, but the vulnerability is not listed in CISA’s KEV catalog, suggesting it has not yet been widely exploited publicly. Based on the description, the likely attack vector is a network connection to the ai_cmd socket service, which requires neither prior authentication nor special privileges.
OpenCVE Enrichment