PatchSiren cyber security CVE debrief

CVE-2026-50209 Acer CVE debrief

A critical vulnerability in Acer Connect M6E 5G firmware allows malicious software on the device to intercept and exploit broadcast events, rewriting the default Mobile Device Management (MDM) endpoint address. This redirects administrative control to an attacker-controlled server, effectively transferring device ownership. The flaw is rated CVSS 4.0 critical with high impacts across confidentiality, integrity, and availability for both the vulnerable system and subsequent systems. The weakness relates to incorrect permission assignment (CWE-732), suggesting broadcast receivers or configuration interfaces lack adequate access controls. Acer has published a vendor advisory with mitigation guidance.

Vendor: Acer
Product: Connect M6E 5G
CVSS: CRITICAL 9.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-04
Original CVE updated: 2026-06-04
Advisory published: 2026-06-04
Advisory updated: 2026-06-04

Who should care

Organizations deploying Acer Connect M6E 5G mobile hotspots for field operations, remote work, or IoT connectivity; mobile device management administrators responsible for fleet security; network security teams managing device onboarding and certificate validation; and procurement teams evaluating firmware update commitments for networking hardware.

Technical summary

The vulnerability exists in Acer Connect M6E 5G firmware versions through M6E_AI_1.00.000019. A local attacker with low privileges can exploit insecure broadcast event handling to modify the device's configured MDM endpoint URL. Because MDM frameworks typically establish persistent administrative control over device configuration, security policies, and remote commands, redirecting the endpoint to an attacker-controlled server grants full device administration. The CVSS 4.0 vector (AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H) reflects that no user interaction is required and impacts extend to subsequent systems through the compromised device's network access and trusted status.

Defensive priority

Critical

Recommended defensive actions

  • Apply Acer firmware updates beyond M6E_AI_1.00.000019 as soon as available per vendor advisory
  • Restrict physical and local access to affected Acer Connect M6E 5G devices to trusted administrators only
  • Monitor network traffic for unexpected MDM server connections or certificate validation failures
  • Review and harden MDM enrollment profiles to require certificate pinning or additional authentication factors
  • Audit devices for unauthorized MDM profiles or changed endpoint configurations
  • Segment IoT and mobile hotspot devices from critical network zones to limit lateral movement if compromised
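The last two actions (audit for changed MDM endpoints, track which units still run firmware through M6E_AI_1.00.000019) can be scripted against a fleet inventory. The following is an added example, not PatchSiren's or Acer's code: the inventory rows, serial numbers, the allowlisted MDM hostname and the post-fix version string M6E_AI_1.00.000020 are all constructed, and the firmware string format is assumed from the version quoted in the debrief.

```python
"""Fleet audit for CVE-2026-50209: flag Acer Connect M6E 5G units that still run
affected firmware or whose configured MDM endpoint is not an allowlisted host."""
import re
from urllib.parse import urlparse

# Highest affected firmware per the CVE record ("through M6E_AI_1.00.000019").
LAST_VULNERABLE = "M6E_AI_1.00.000019"
# Assumed: the organisation's legitimate MDM endpoint host(s).
ALLOWED_MDM_HOSTS = {"mdm.example-corp.internal"}

# Assumed firmware string layout: M6E_AI_<major>.<minor>.<build>
_VER = re.compile(r"^M6E_AI_(\d+)\.(\d+)\.(\d+)$")


def firmware_tuple(version):
    """Parse 'M6E_AI_1.00.000019' into a comparable (1, 0, 19) tuple."""
    m = _VER.match(version)
    if not m:
        raise ValueError(f"unrecognised firmware string: {version!r}")
    return tuple(int(x) for x in m.groups())


def is_vulnerable(version):
    """True when the firmware is at or below the last affected build."""
    return firmware_tuple(version) <= firmware_tuple(LAST_VULNERABLE)


def endpoint_drifted(mdm_url):
    """True when the device's MDM URL points at a host we do not operate."""
    host = urlparse(mdm_url).hostname
    return host is None or host.lower() not in ALLOWED_MDM_HOSTS


def audit(inventory):
    """Return [(serial, [reasons])] for every device needing attention."""
    findings = []
    for dev in inventory:
        reasons = []
        if is_vulnerable(dev["firmware"]):
            reasons.append("vulnerable firmware")
        if endpoint_drifted(dev["mdm_url"]):
            reasons.append("MDM endpoint not allowlisted")
        if reasons:
            findings.append((dev["serial"], reasons))
    return findings


# Constructed inventory: one unpatched unit, one clean unit, one with endpoint drift.
SAMPLE_INVENTORY = [
    {"serial": "M6E-0001", "firmware": "M6E_AI_1.00.000019", "mdm_url": "https://mdm.example-corp.internal/enroll"},
    {"serial": "M6E-0002", "firmware": "M6E_AI_1.00.000020", "mdm_url": "https://mdm.example-corp.internal/enroll"},
    {"serial": "M6E-0003", "firmware": "M6E_AI_1.00.000020", "mdm_url": "https://mdm.unknown-host.test/enroll"},
]

if __name__ == "__main__":
    for serial, reasons in audit(SAMPLE_INVENTORY):
        print(serial, "->", ", ".join(reasons))
```

Feed it the exported inventory from your MDM or asset system; any endpoint-drift finding on a unit with the device's trusted network status should be treated as a possible ownership takeover, not a configuration typo.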

Evidence notes

CVE published and modified 2026-06-04. NVD status: Analyzed. CVSS 4.0 vector confirms local attack vector with low attack complexity, no user interaction, and high impacts across all security dimensions. CPE identifies affected firmware versions through M6E_AI_1.00.000019.
