Description
High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-coded DES symmetric encryption keys, a Man-in-the-Middle (MITM) actor could decrypt network traffic.
Published: 2026-06-04
Score: 9.2 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a permissive TrustAllCerts routine that disables standard TLS certificate validation. Because the router also stores DES keys in the firmware, an attacker in a man-in-the-middle position could intercept encrypted traffic and decrypt it with the known keys, leaking sensitive data.

Affected Systems

Affected product: Acer Connect M6E 5G Portable WiFi Router. No specific version information is provided in the advisory; all firmware revisions for this model may be impacted until a fix is applied.

Risk and Exploitability

A CVSS score of 9.2 indicates a critical-severity issue. While no EPSS score is available, the lack of mitigation implies a high likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. Attackers with network access could position themselves as a MITM to intercept traffic; the absence of certificate checks and the presence of weak DES keys provide a straightforward path to decrypt data and potentially read or alter contextual information.

Generated by OpenCVE AI on June 4, 2026 at 09:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware update for the Acer Connect M6E 5G router that restores proper TLS certificate validation.
  • Re‑enable TLS certificate validation on the device, ensuring the router does not default to a permissive TrustAllCerts mode.
  • If possible, disable or replace hard‑coded DES keys in the firmware; contact Acer support for guidance.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 10:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Acer connect M6e 5g Portable Wifi Router
Vendors & Products | | Acer connect M6e 5g Portable Wifi Router

Thu, 04 Jun 2026 19:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Acer; Acer connect M6e 5g; Acer connect M6e 5g Firmware
CPEs | | cpe:2.3:h:acer:connect_m6e_5g:-:*:*:*:*:*:*:*; cpe:2.3:o:acer:connect_m6e_5g_firmware:*:*:*:*:*:*:*:*
Vendors & Products | | Acer; Acer connect M6e 5g; Acer connect M6e 5g Firmware
Metrics | | cvssV3_1 {'score': 9.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L'}

Thu, 04 Jun 2026 13:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 04 Jun 2026 08:45:00 +0000

Type | Values Removed | Values Added
Description | | High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-coded DES symmetric encryption keys, a Man-in-the-Middle (MITM) actor could decrypt network traffic.
Title | | Permissive TrustAllCerts TLS Verification
Weaknesses | | CWE-330
References | |
Metrics | | cvssV4_0 {'score': 9.2, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N'}

MITRE

Status: PUBLISHED

Assigner: Acer

Published:

Updated: 2026-06-04T12:41:58.956Z

Reserved: 2026-06-04T01:29:10.111Z

Link: CVE-2026-50208

Vulnrichment

Updated: 2026-06-04T12:41:55.763Z

NVD

Status: Analyzed

Published: 2026-06-04T09:16:29.277

Modified: 2026-06-04T19:14:45.510

Link: CVE-2026-50208

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-05T10:08:51Z

Weaknesses

  • CWE-330: Use of Insufficiently Random Values