Description
Weak validation logic within device dissociation API routines allows a remote entity to forcefully unbind unrelated user endpoints, causing severe denial of service.
Published: 2026-06-04
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability stems from improper validation in the device dissociation API on Acer Connect M6E 5G Portable WiFi Routers. An unauthenticated or authorized remote actor can send crafted commands that force the router to unbind user endpoints that are unrelated to the actor, causing a severe denial of service for those endpoints and disrupting connectivity for affected users.

Affected Systems

Affected hardware includes Acer Connect M6E 5G Portable WiFi Routers. No specific firmware revisions were disclosed, so all current releases should be considered potentially vulnerable until an update is issued.

Risk and Exploitability

The vulnerability carries a CVSS score of 7.1, signifying a high impact. No EPSS data is available and the issue is not yet listed in the CISA KEV catalog. Attackers can exploit it remotely by targeting the dissociation API endpoint over the management interface. Mitigation is currently limited to vendor firmware updates, so monitoring and restricting access are the primary preventive measures.

Generated by OpenCVE AI on June 4, 2026 at 09:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware update released by Acer.
  • Restrict or disable remote access to the device dissociation API, for example by firewall rules or disabling remote management.
  • Monitor router logs and network traffic for unauthorized unbinding attempts and investigate any suspicious activity.

Generated by OpenCVE AI on June 4, 2026 at 09:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Acer connect M6e 5g Portable Wifi Router
Vendors & Products Acer connect M6e 5g Portable Wifi Router

Thu, 04 Jun 2026 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Acer
Acer connect M6e 5g
Acer connect M6e 5g Firmware
CPEs cpe:2.3:h:acer:connect_m6e_5g:-:*:*:*:*:*:*:*
cpe:2.3:o:acer:connect_m6e_5g_firmware:*:*:*:*:*:*:*:*
Vendors & Products Acer
Acer connect M6e 5g
Acer connect M6e 5g Firmware
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Thu, 04 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 04 Jun 2026 08:45:00 +0000

Type Values Removed Values Added
Description Weak validation logic within device dissociation API routines allows a remote entity to forcefully unbind unrelated user endpoints, causing severe denial of service.
Title Arbitrary Remote Device Unbinding
Weaknesses CWE-400
References
Metrics cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Acer Connect M6e 5g Connect M6e 5g Firmware Connect M6e 5g Portable Wifi Router
cve-icon MITRE

Status: PUBLISHED

Assigner: Acer

Published:

Updated: 2026-06-04T12:41:30.651Z

Reserved: 2026-06-04T01:29:10.112Z

Link: CVE-2026-50212

cve-icon Vulnrichment

Updated: 2026-06-04T12:41:27.699Z

cve-icon NVD

Status : Analyzed

Published: 2026-06-04T09:16:29.847

Modified: 2026-06-04T19:10:20.420

Link: CVE-2026-50212

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-05T10:08:44Z

Weaknesses
  • CWE-400

    Uncontrolled Resource Consumption