Description
The device encrypts data using AES-CBC with static zero-filled Initialization Vectors (IVs), making it susceptible to replay attacks and known-plaintext decryption.
Published: 2026-06-04
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability stems from the use of a zero‑filled initialization vector in AES‑CBC encryption on the device. Because the same IV is reused for every encryption, identical plaintext blocks produce identical ciphertext blocks, enabling an attacker to perform replay attacks or to correlate ciphertext with known plaintext. This directly threatens the confidentiality of data transmitted by the router.

Affected Systems

Acer’s Connect M6E 5G Portable WiFi Router is affected. No specific firmware version information is provided, so all current installations of this model may be vulnerable.

Risk and Exploitability

The CVSS score of 6.9 places the issue in the medium severity range. EPSS is not available and the vulnerability is not listed in the CISA KEV catalog. An attacker who can intercept traffic between the router and its clients can exploit the static IV to replay captured frames or to decrypt known plaintext segments, potentially gaining access to sensitive information transmitted over the network.

Generated by OpenCVE AI on June 4, 2026 at 09:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the router firmware to a version that generates random IVs for AES‑CBC encryption.
  • If no firmware update is available, disable the encrypted management interface or restrict its use to a secure, isolated network segment.
  • Monitor traffic for repeating ciphertext patterns and consider adding VPN or network segmentation to limit exposure.

Generated by OpenCVE AI on June 4, 2026 at 09:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Acer connect M6e 5g Portable Wifi Router
Vendors & Products Acer connect M6e 5g Portable Wifi Router

Thu, 04 Jun 2026 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Acer
Acer connect M6e 5g
Acer connect M6e 5g Firmware
CPEs cpe:2.3:h:acer:connect_m6e_5g:-:*:*:*:*:*:*:*
cpe:2.3:o:acer:connect_m6e_5g_firmware:*:*:*:*:*:*:*:*
Vendors & Products Acer
Acer connect M6e 5g
Acer connect M6e 5g Firmware
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

Thu, 04 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 04 Jun 2026 08:45:00 +0000

Type Values Removed Values Added
Description The device encrypts data using AES-CBC with static zero-filled Initialization Vectors (IVs), making it susceptible to replay attacks and known-plaintext decryption.
Title Weak Static Cryptographic Initialization Vectors
Weaknesses CWE-200
References
Metrics cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Acer Connect M6e 5g Connect M6e 5g Firmware Connect M6e 5g Portable Wifi Router
cve-icon MITRE

Status: PUBLISHED

Assigner: Acer

Published:

Updated: 2026-06-04T12:42:41.894Z

Reserved: 2026-06-04T01:29:10.112Z

Link: CVE-2026-50210

cve-icon Vulnrichment

Updated: 2026-06-04T12:42:38.829Z

cve-icon NVD

Status : Analyzed

Published: 2026-06-04T09:16:29.563

Modified: 2026-06-04T19:11:10.337

Link: CVE-2026-50210

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-05T10:08:47Z

Weaknesses
  • CWE-200

    Exposure of Sensitive Information to an Unauthorized Actor