Description
Leftover engineering diagnostics and factory-level diagnostic software remain exposed on retail builds, giving malicious apps write privileges to internal NVRAM registers.
Published: 2026-06-04
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability stems from leftover engineering diagnostics and factory-level diagnostic software that remains exposed on retail copies of the router, allowing malicious applications to write directly to internal non‑volatile memory registers. By modifying these registers, an attacker could change firmware configuration, corrupt settings, or insert persistent malicious code, effectively compromising the device’s integrity and potentially its availability. The weakness fits CWE‑134, which addresses uncontrolled format strings that can lead to arbitrary code execution or data modification.

Affected Systems

Acer Connect M6E 5G Portable WiFi Router. No specific firmware versions are listed, so any retail build that has not applied the vendor’s fix is potentially affected.

Risk and Exploitability

The CVSS score of 8.8 indicates a high severity with a broad impact. Because EPSS is not available and the issue is not listed in the CISA KEV catalog, current public exploitation data is unclear. However, the likely attack vector is inferred to be local or remote via malicious applications that can access the exposed diagnostics interface, allowing an attacker to elevate privileges on the device. Consequently, the risk remains high, especially for unpatched devices in uncontrolled environments.

Generated by OpenCVE AI on June 4, 2026 at 09:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the router firmware to the latest release that removes or disables the exposed diagnostics interfaces.
  • If a firmware update is not immediately available, perform a factory reset to remove malicious applications and restrict NVRAM write access.
  • If the device remains exposed, isolate it from critical networks and monitor for suspicious interactions with diagnostic or logging services.

Generated by OpenCVE AI on June 4, 2026 at 09:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Acer connect M6e 5g Portable Wifi Router
Vendors & Products Acer connect M6e 5g Portable Wifi Router

Thu, 04 Jun 2026 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Acer
Acer connect M6e 5g
Acer connect M6e 5g Firmware
CPEs cpe:2.3:h:acer:connect_m6e_5g:-:*:*:*:*:*:*:*
cpe:2.3:o:acer:connect_m6e_5g_firmware:*:*:*:*:*:*:*:*
Vendors & Products Acer
Acer connect M6e 5g
Acer connect M6e 5g Firmware
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Thu, 04 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 04 Jun 2026 08:45:00 +0000

Type Values Removed Values Added
Description Leftover engineering diagnostics and factory-level diagnostic software remain exposed on retail builds, giving malicious apps write privileges to internal NVRAM registers.
Title Exposed Factory Testing App Boundaries
Weaknesses CWE-134
References
Metrics cvssV4_0

{'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Acer Connect M6e 5g Connect M6e 5g Firmware Connect M6e 5g Portable Wifi Router
cve-icon MITRE

Status: PUBLISHED

Assigner: Acer

Published:

Updated: 2026-06-04T12:43:05.417Z

Reserved: 2026-06-04T01:29:10.112Z

Link: CVE-2026-50211

cve-icon Vulnrichment

Updated: 2026-06-04T12:43:00.867Z

cve-icon NVD

Status : Analyzed

Published: 2026-06-04T09:16:29.700

Modified: 2026-06-04T19:13:04.923

Link: CVE-2026-50211

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-05T10:08:45Z

Weaknesses
  • CWE-134

    Use of Externally-Controlled Format String