Description
The /v1/Plan service relies entirely on a shared global API token for full administrative management, allowing arbitrary creation of zero-cost network access plans.
Published: 2026-06-04
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability in the /v1/Plan service stems from its reliance on a single API token, shared across devices, that grants full administrative control. An attacker who obtains that token can create an unlimited number of zero‑cost network access plans on any device that accepts it, and because the token is global, it has to be obtained only once. This allows unauthorized configuration changes that undermine service integrity and can disrupt network operation. The weakness is classified as CWE‑345 (Insufficient Verification of Data Authenticity): the service accepts plan definitions without verifying that they originate from an authorized source.
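To make the weakness class concrete, the following is an added example (not Acer firmware and not the actual /v1/Plan implementation). It places a handler whose only access control is one fleet‑wide token next to a hardened design in which each device holds its own credential and the authority to define a plan, including its price, comes from a vendor signature over the plan payload. Only the endpoint name /v1/Plan is taken from the advisory; the header names, JSON fields, token formats and the `PlanService` class are assumptions made for this demonstration.

```python
"""Added example: shared-token vs. per-device-credential plan handler.

Not Acer code. Endpoint name from the advisory; header names, JSON fields,
token formats and class/function names are assumptions for the demo.
"""
import hashlib
import hmac
import json
import secrets

# ---- Vulnerable pattern: a single shared secret is the whole access control
GLOBAL_TOKEN = "fleet-shared-admin-token"  # constructed value


def vuln_create_plan(headers: dict, body: dict, plans: list) -> int:
    """Accept any plan from anyone who knows the fleet-wide token.

    Returns an HTTP-style status code. Nothing checks who the caller is,
    which device the plan targets, or whether the price is plausible.
    """
    if headers.get("Authorization") != f"Bearer {GLOBAL_TOKEN}":
        return 401
    plans.append(body)  # a zero-cost plan is accepted as-is
    return 201


# ---- Hardened pattern: per-device credential + vendor-signed plan payloads
def canonical(plan: dict) -> bytes:
    """Deterministic serialization so signer and verifier hash identical bytes."""
    return json.dumps(plan, sort_keys=True, separators=(",", ":")).encode()


def sign_plan(vendor_key: bytes, plan: dict) -> str:
    """Performed by the vendor backend. HMAC keeps this demo stdlib-only; a
    real device-side verifier would hold only a public key (e.g. Ed25519) so
    the signing key never ships in firmware."""
    return hmac.new(vendor_key, canonical(plan), hashlib.sha256).hexdigest()


class PlanService:
    """Hardened /v1/Plan handler (assumed design, for illustration)."""

    def __init__(self, vendor_key: bytes):
        self.vendor_key = vendor_key
        self.device_secrets: dict = {}  # serial -> sha256(per-device token)
        self.plans: list = []

    def provision(self, serial: str) -> str:
        """Issue a unique random credential per unit at manufacture time.
        Leaking one token now compromises one device, not the fleet."""
        token = secrets.token_urlsafe(32)
        self.device_secrets[serial] = hashlib.sha256(token.encode()).digest()
        return token

    def _authenticate(self, headers: dict):
        serial = headers.get("X-Device-Serial")
        auth = headers.get("Authorization", "")
        stored = self.device_secrets.get(serial) if serial else None
        if stored is None or not auth.startswith("Bearer "):
            return None
        presented = hashlib.sha256(auth[len("Bearer "):].encode()).digest()
        # Constant-time comparison: no timing oracle on the token.
        return serial if hmac.compare_digest(stored, presented) else None

    def create_plan(self, headers: dict, body: dict) -> int:
        serial = self._authenticate(headers)
        if serial is None:
            return 401
        plan, sig = body.get("plan"), body.get("signature", "")
        if not isinstance(plan, dict) or not isinstance(sig, str):
            return 400
        # The device credential only identifies the caller. Authority to
        # define a plan (price, quota) comes from the vendor's signature, so a
        # leaked device token cannot mint a free plan or alter a signed one.
        if not hmac.compare_digest(sign_plan(self.vendor_key, plan), sig):
            return 403
        if plan.get("device") != serial:
            return 403  # signed for another unit: no cross-device replay
        self.plans.append(plan)
        return 201
```

In the vulnerable handler a token extracted from any one unit authorizes arbitrary plan creation everywhere; in the hardened version the same leak yields a credential that can only present plans the vendor has already signed for that specific device.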

Affected Systems

The issue affects Acer Connect M6E 5G Portable WiFi Router firmware that includes the vulnerable service. Because no specific affected versions are listed, any firmware version exposing the /v1/Plan endpoint behind the shared API token should be treated as affected. Administrators should verify which firmware versions are in use and seek an update that removes the shared token or replaces it with per‑device credentials.

Risk and Exploitability

The CVSS v4.0 score of 9.3 (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H) indicates critical severity: the endpoint is reachable over the network and the attack needs no privileges, no preconditions and no user interaction. The EPSS score is below 1% and there is no public exploit or KEV listing, but this does not reduce the risk once an attacker holds the token; the SSVC assessment marks the issue as automatable with total technical impact, and a shared token needs to be recovered only once to affect every device that accepts it. The potential for large‑scale quota inflation warrants immediate attention, and applying a vendor‑issued fix or compensating controls is essential.

Generated by OpenCVE AI on June 4, 2026 at 11:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Obtain and install the latest Acer firmware that removes or protects the global API token used by /v1/Plan.
  • If no firmware fix is available, restrict access to the router's management interface (the listener that serves /v1/Plan) to known administrative addresses on the LAN side and block it from the WAN side; firewall rules filter by address and port, not by URL path, so the whole management listener has to be fenced.
  • Enable logging for the management interface and monitor for unexpected creation of zero‑cost network access plans, calls to /v1/Plan from non‑administrative addresses, and bursts of plan creations; investigate any anomalies promptly.
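As an added example of the monitoring step (not a tool provided by the advisory, Acer or OpenCVE), the script below scans HTTP access‑log lines for /v1/Plan activity and flags the three signals above: a successful plan creation with a zero price, a call from outside an administrative allowlist, and several creations within a short window. The log format, the sample lines, the admin address range and the thresholds are all constructed for this demonstration; the regular expression has to be adapted to the device's real log output.

```python
"""Added example: detection logic for /v1/Plan abuse over access-log lines.

The log line format, ADMIN_NETS, thresholds and SAMPLE_LOG are constructed
for this demo and are not the router's real output.
"""
import ipaddress
import re
from collections import deque
from datetime import datetime, timedelta

ADMIN_NETS = [ipaddress.ip_network("192.168.1.0/24")]  # assumed LAN admin range
BURST_COUNT, BURST_WINDOW = 3, timedelta(minutes=5)  # assumed thresholds

# Constructed format: "<iso-ts> <src-ip> <METHOD> <path> <status> [price_cents=N]"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})"
    r"(?: price_cents=(?P<price>\d+))?"
)

SAMPLE_LOG = [  # constructed sample input
    "2026-06-04T10:15:02Z 192.168.1.10 GET /v1/Plan 200",
    "2026-06-04T10:16:40Z 192.168.1.10 POST /v1/Plan 201 price_cents=1999",
    "2026-06-04T10:20:01Z 203.0.113.7 POST /v1/Plan 201 price_cents=0",
    "2026-06-04T10:20:03Z 203.0.113.7 POST /v1/Plan 201 price_cents=0",
    "2026-06-04T10:20:05Z 203.0.113.7 POST /v1/Plan 201 price_cents=0",
    "2026-06-04T10:21:00Z 192.168.1.10 GET /v1/Status 200",
    "garbage line that does not parse",
]


def parse(line: str):
    """Return a dict of fields for a well-formed line, or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    d["ts"] = datetime.fromisoformat(d["ts"].replace("Z", "+00:00"))
    d["status"] = int(d["status"])
    d["price"] = int(d["price"]) if d["price"] is not None else None
    return d


def detect(lines):
    """Return one alert string per suspicious event in the given log lines."""
    alerts = []
    recent = deque()  # timestamps of successful plan creations in the window
    for line in lines:
        ev = parse(line)
        if ev is None or not ev["path"].startswith("/v1/Plan"):
            continue
        src = ipaddress.ip_address(ev["src"])
        when = ev["ts"].isoformat()
        if not any(src in net for net in ADMIN_NETS):
            alerts.append(f"{when} {ev['method']} /v1/Plan from non-admin source {src}")
        if ev["method"] == "POST" and 200 <= ev["status"] < 300:
            if ev["price"] == 0:
                alerts.append(f"{when} zero-cost plan created from {src}")
            recent.append(ev["ts"])
            while recent and ev["ts"] - recent[0] > BURST_WINDOW:
                recent.popleft()
            if len(recent) == BURST_COUNT:  # alert once when threshold is hit
                alerts.append(f"{when} {BURST_COUNT} plan creations within {BURST_WINDOW}")
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Run against the sample lines, the script raises three non‑admin alerts and three zero‑cost alerts for the 203.0.113.7 requests and one burst alert when the third creation lands inside the five‑minute window; the unparseable line and the unrelated /v1/Status request are ignored.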

Advisories

No advisories yet.

History

Thu, 04 Jun 2026 13:30:00 +0000

Type        Values Removed   Values Added
Metrics     (none)           ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 04 Jun 2026 10:00:00 +0000

Type          Values Removed   Values Added
Description   (none)           The /v1/Plan service relies entirely on a shared global API token for full administrative management, allowing arbitrary creation of zero-cost network access plans.
Title         (none)           Shared Secret Quota Inflation
Weaknesses    (none)           CWE-345
References    (none)           (none)
Metrics       (none)           cvssV4_0: {'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: Acer

Published:

Updated: 2026-06-04T13:07:09.202Z

Reserved: 2026-06-04T01:29:10.112Z

Link: CVE-2026-50214

Vulnrichment

Updated: 2026-06-04T13:07:03.912Z

NVD

Status : Received

Published: 2026-06-04T10:16:39.850

Modified: 2026-06-04T10:16:39.850

Link: CVE-2026-50214

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-04T11:30:12Z

Weaknesses