Description
System log files output unencrypted SMTP server authentication passwords alongside sensitive employee corporate identification data.
Published: 2026-06-04
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability causes the device to record SMTP authentication passwords and employee corporate identification data in plain text within system logs. This exposes confidential credentials and personal data, allowing an attacker who obtains the logs to steal login credentials and potentially gain unauthorized access to corporate resources. The weakness corresponds to CWE-532, Log File Manipulation.

Affected Systems

Acer Connect M6E 5G Portable WiFi Router. No specific firmware version information is provided.

Risk and Exploitability

The CVSS score of 8.8 indicates high severity. EPSS score is not available, and the issue is not listed in CISA KEV. The likely attack vector is local or remote access to device logs, but the exact vector is not specified; thus the risk depends on how the logs are stored and accessed.

Generated by OpenCVE AI on June 4, 2026 at 08:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware release from Acer that removes credential logging or corrects the log format.
  • Disable or restrict logging of SMTP authentication credentials in the device configuration.
  • Ensure that log files are stored with strict file permission controls and transmit them only over secure channels if necessary.
  • Change all compromised SMTP credentials and update device passwords.

Generated by OpenCVE AI on June 4, 2026 at 08:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Acer connect M6e 5g Portable Wifi Router
Vendors & Products Acer connect M6e 5g Portable Wifi Router

Thu, 04 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
First Time appeared Acer
Acer connect M6e 5g
Acer connect M6e 5g Firmware
CPEs cpe:2.3:h:acer:connect_m6e_5g:-:*:*:*:*:*:*:*
cpe:2.3:o:acer:connect_m6e_5g_firmware:*:*:*:*:*:*:*:*
Vendors & Products Acer
Acer connect M6e 5g
Acer connect M6e 5g Firmware
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N'}

Thu, 04 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 04 Jun 2026 07:15:00 +0000

Type Values Removed Values Added
Description System log files output unencrypted SMTP server authentication passwords alongside sensitive employee corporate identification data.
Title Plaintext Log Credential Leakage
Weaknesses CWE-532
References
Metrics cvssV4_0

{'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Acer Connect M6e 5g Connect M6e 5g Firmware Connect M6e 5g Portable Wifi Router
cve-icon MITRE

Status: PUBLISHED

Assigner: Acer

Published:

Updated: 2026-06-04T12:38:53.152Z

Reserved: 2026-06-04T01:29:10.111Z

Link: CVE-2026-50205

cve-icon Vulnrichment

Updated: 2026-06-04T12:38:47.632Z

cve-icon NVD

Status : Analyzed

Published: 2026-06-04T07:16:28.023

Modified: 2026-06-04T19:25:57.420

Link: CVE-2026-50205

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-05T10:08:56Z

Weaknesses
  • CWE-532

    Insertion of Sensitive Information into Log File