PatchSiren cyber security CVE debrief
CVE-2026-50210 Acer CVE debrief
CVE-2026-50210 is a vulnerability in Acer Connect M6E 5G firmware. The device encrypts data using AES-CBC with static zero-filled Initialization Vectors (IVs), making it susceptible to replay attacks and known-plaintext decryption. This vulnerability has a CVSS score of 6.9 and a severity of MEDIUM.
- Vendor
- Acer
- Product
- Connect M6E 5G Portable WiFi Router
- CVSS
- MEDIUM 6.9
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-04
- Original CVE updated
- 2026-06-04
- Advisory published
- 2026-06-04
- Advisory updated
- 2026-06-04
Who should care
Administrators and users of Acer Connect M6E 5G devices should be aware of this vulnerability and take necessary precautions to mitigate the risk.
Technical summary
The vulnerability is caused by the use of static zero-filled Initialization Vectors (IVs) in AES-CBC encryption, which makes the device susceptible to replay attacks and known-plaintext decryption.
Defensive priority
MEDIUM
Recommended defensive actions
- Apply patches or updates provided by the vendor (see resourceLinkAnnotations 'ref-4')
- Review and update security configurations to ensure best practices are followed
Evidence notes
The vulnerability is confirmed by the vendor and has been analyzed by official vulnerability databases.
Official resources
-
CVE-2026-50210 CVE record
CVE.org
-
CVE-2026-50210 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
8fc372e3-d9c5-46e4-9410-38469745c639 - Mitigation, Vendor Advisory
CVE-2026-50210 was published on 2026-06-04T09:16:29.563Z and modified on 2026-06-04T19:11:10.337Z.