Description
A vulnerability was found in Acrel Electrical Prepaid Cloud Platform 1.0. This issue affects some unknown processing of the file /bin.rar of the component Backup File Handler. The manipulation results in information disclosure. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-04-05
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote Information Disclosure
Action: Immediate Patch
AI Analysis

Impact

A flaw in Acrel Electrical Prepaid Cloud Platform version 1.0 allows an attacker to manipulate the /bin.rar file processed by the Backup File Handler component. The improper handling of this file leads to disclosure of information that should remain confidential during the backup process. The resulting data exposure is the principal impact of the vulnerability.

Affected Systems

The only explicitly affected product is Acrel Electrical Prepaid Cloud Platform, version 1.0. No other vendors, versions, or components are listed in the available data.

Risk and Exploitability

The vulnerability has a CVSS score of 6.9, indicating moderate severity. The EPSS score is not available, so the exact likelihood of exploitation is unknown, but the flaw is supported by a publicly available exploit. The vendor has not issued a fix, so the risk remains significant. The vulnerability can be exploited remotely, so an attacker does not require local access to the affected system.

Generated by OpenCVE AI on April 6, 2026 at 01:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check for vendor releases or patches for Acrel Electrical Prepaid Cloud Platform 1.0 and apply them immediately.
  • If no patch is available, restrict network access to the Backup File Handler endpoint or isolate the affected system from external networks.
  • Monitor system logs for abnormal activity related to the /bin.rar file or unexpected backup operations.

Generated by OpenCVE AI on April 6, 2026 at 01:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 07:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 07 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
First Time appeared Acrel Electrical
Acrel Electrical prepaid Cloud Platform
Vendors & Products Acrel Electrical
Acrel Electrical prepaid Cloud Platform

Sun, 05 Apr 2026 22:00:00 +0000

Type Values Removed Values Added
Description A vulnerability was found in Acrel Electrical Prepaid Cloud Platform 1.0. This issue affects some unknown processing of the file /bin.rar of the component Backup File Handler. The manipulation results in information disclosure. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title Acrel Electrical Prepaid Cloud Platform Backup File bin.rar information disclosure
Weaknesses CWE-200
CWE-284
References
Metrics cvssV2_0

{'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:W/RC:UR'}

cvssV3_0

{'score': 5.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:R'}

cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:R'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Acrel Electrical Prepaid Cloud Platform
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-07T02:56:54.182Z

Reserved: 2026-04-05T13:21:23.138Z

Link: CVE-2026-5601

cve-icon Vulnrichment

Updated: 2026-04-07T02:56:50.729Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-05T22:16:02.047

Modified: 2026-04-07T13:20:35.010

Link: CVE-2026-5601

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-06T21:48:09Z

Weaknesses