Description
The debugging routine SCREEN_CLICK(5053) enables a connection to skip the standard device login prompt entirely and directly enter an interactive shell interface.
Published: 2026-06-04
Score: 9.4 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability lies in the debugging routine SCREEN_CLICK(5053), which allows a remote or local attacker to bypass the standard device login prompt and directly spawn an interactive shell on the router. This flaw results in a full authentication bypass and grants the attacker the same privileges as a legitimate user, effectively providing remote code execution on the device.

Affected Systems

Acer Connect M6E 5G Portable WiFi Router is affected. No specific firmware version information is provided in the current data.

Risk and Exploitability

The CVSS score of 9.4 indicates a critical severity. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, but the lack of EPSS does not diminish the potential risk. The likely attack vector is through the provision of the debugging instruction over a communication channel that the device accepts, which an attacker could trigger from a nearby or remote network if the debug interface is exposed. If exploited, the attacker gains unrestricted access to device configuration and network traffic, posing severe confidentiality, integrity, and availability risks.

Generated by OpenCVE AI on June 4, 2026 at 08:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the router firmware to a version that removes or disables the SCREEN_CLICK debugging routine.
  • Disable or restrict the debug interface via firewall or access control lists, ensuring that only trusted local management traffic can reach it.
  • Monitor device logs for unexpected interactive shell sessions or SCREEN_CLICK command usage, and investigate any anomalies immediately.

Generated by OpenCVE AI on June 4, 2026 at 08:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 04 Jun 2026 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Acer
Acer connect M6e 5g
Acer connect M6e 5g Firmware
CPEs cpe:2.3:h:acer:connect_m6e_5g:-:*:*:*:*:*:*:*
cpe:2.3:o:acer:connect_m6e_5g_firmware:*:*:*:*:*:*:*:*
Vendors & Products Acer
Acer connect M6e 5g
Acer connect M6e 5g Firmware
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Thu, 04 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 04 Jun 2026 07:15:00 +0000

Type Values Removed Values Added
Description The debugging routine SCREEN_CLICK(5053) enables a connection to skip the standard device login prompt entirely and directly enter an interactive shell interface.
Title SCREEN_CLICK Authentication Bypass
Weaknesses CWE-287
References
Metrics cvssV4_0

{'score': 9.4, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}

Subscriptions

Acer Connect M6e 5g Connect M6e 5g Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: Acer

Published:

Updated: 2026-06-04T12:34:16.303Z

Reserved: 2026-05-28T02:46:15.561Z

Link: CVE-2026-49194

cve-icon Vulnrichment

Updated: 2026-06-04T12:34:12.996Z

cve-icon NVD

Status : Analyzed

Published: 2026-06-04T07:16:27.437

Modified: 2026-06-04T19:38:42.263

Link: CVE-2026-49194

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-04T08:30:09Z

Weaknesses