Description
The registration path /v1/account/register provides no bot mitigation mechanisms, allowing malicious automated systems to flood the database.
Published: 2026-06-04
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The /v1/account/register registration path in Acer:Connect M6E 5G Portable WiFi Router has no bot mitigation, enabling automated systems to flood the database. This results in resource exhaustion and degraded or unavailable service, effectively denying legitimate account creation and potentially disrupting overall router operation.

Affected Systems

Acer:Connect M6E 5G Portable WiFi Router is affected. No specific firmware versions are listed, so all current releases may be at risk until a patch or mitigation is deployed.

Risk and Exploitability

With a CVSS score of 8.8, the vulnerability is considered high severity. The EPSS score is not available, and it is not listed in CISA KEV, but the lack of authentication and rate limiting on the public registration endpoint makes it a straightforward target for automated attacks. An attacker only needs network access to the router and can repeatedly invoke the endpoint to exhaust bandwidth and storage, leading to a denial of service.

Generated by OpenCVE AI on June 4, 2026 at 11:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Deploy rate limiting or concurrency controls on the /v1/account/register endpoint to restrict the number of requests per IP.
  • Introduce bot detection mechanisms such as CAPTCHAs or behavior analysis to block automated registration attempts.
  • Configure firewall or access control lists to block or throttle repeated registration requests from the same IP addresses.

Generated by OpenCVE AI on June 4, 2026 at 11:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 04 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 04 Jun 2026 10:00:00 +0000

Type Values Removed Values Added
Description The registration path /v1/account/register provides no bot mitigation mechanisms, allowing malicious automated systems to flood the database.
Title Account Creation Exhaustion
Weaknesses CWE-306
References
Metrics cvssV4_0

{'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Acer

Published:

Updated: 2026-06-04T12:22:34.513Z

Reserved: 2026-06-04T09:22:14.582Z

Link: CVE-2026-50225

cve-icon Vulnrichment

Updated: 2026-06-04T12:22:31.137Z

cve-icon NVD

Status : Received

Published: 2026-06-04T10:16:40.123

Modified: 2026-06-04T10:16:40.123

Link: CVE-2026-50225

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-04T11:30:12Z

Weaknesses