Description
High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-coded DES symmetric encryption keys, a Man-in-the-Middle (MITM) actor could decrypt network traffic.
Published: 2026-06-04
Score: 9.2 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a permissive TrustAllCerts routine that disables standard TLS certificate validation. Because the router also stores DES keys in the firmware, an attacker performing a man‑in‑the‑middle could intercept encrypted traffic and decrypt it with the known keys, leaking sensitive data.

Affected Systems

Affected product: Acer Connect M6E 5G Portable WiFi Router. No specific version information is provided in the advisory; all firmware revisions for this model may be impacted until a fix is applied.

Risk and Exploitability

The CVSS score of 9.2 indicates a high-severity issue, rated Critical. While no EPSS score is available, the lack of mitigation implies a high likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. An attacker with network access could act as a MITM to intercept traffic; the absence of certificate checks and the presence of weak DES keys provide a straightforward path to decrypt data and potentially read or alter the information it carries.

Generated by OpenCVE AI on June 4, 2026 at 09:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware update for the Acer Connect M6E 5G router that restores proper TLS certificate validation.
  • Re‑enable TLS certificate validation on the device, ensuring the router does not default to a permissive TrustAllCerts mode.
  • If possible, disable or replace hard‑coded DES keys in the firmware; contact Acer support for guidance.

Advisories

No advisories yet.

History

Thu, 04 Jun 2026 08:45:00 +0000

Type | Values Removed | Values Added
Description | | High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-coded DES symmetric encryption keys, a Man-in-the-Middle (MITM) actor could decrypt network traffic.
Title | | Permissive TrustAllCerts TLS Verification
Weaknesses | | CWE-330
References | |
Metrics | | cvssV4_0: {'score': 9.2, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: Acer

Published:

Updated: 2026-06-04T07:09:45.754Z

Reserved: 2026-06-04T01:29:10.111Z

Link: CVE-2026-50208

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-04T09:16:29.277

Modified: 2026-06-04T09:16:29.277

Link: CVE-2026-50208

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-04T09:30:10Z

Weaknesses