PatchSiren cyber security CVE debrief
CVE-2026-50211 Acer CVE debrief
A high-severity vulnerability, CVE-2026-50211, was discovered in Acer Connect M6E 5G firmware. The vulnerability has a CVSS score of 8.8 and allows malicious apps to gain write privileges to internal NVRAM registers due to leftover engineering diagnostics and factory-level diagnostic software exposed on retail builds.
- Vendor
- Acer
- Product
- Connect M6E 5G Portable WiFi Router
- CVSS
- HIGH 8.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-04
- Original CVE updated
- 2026-06-04
- Advisory published
- 2026-06-04
- Advisory updated
- 2026-06-04
Who should care
Users of Acer Connect M6E 5G devices, particularly those using firmware versions up to m6e_ai_1.00.000019, should be aware of this vulnerability and take necessary precautions.
Technical summary
The vulnerability, CWE-134, is caused by exposed engineering diagnostics and factory-level diagnostic software on retail builds of Acer Connect M6E 5G firmware. This exposure allows malicious apps to gain write privileges to internal NVRAM registers.
Defensive priority
High
Recommended defensive actions
- Users should update their firmware to the latest version, if available.
- Users should be cautious when installing apps and only install apps from trusted sources.
- Users should monitor their device for any suspicious activity.
Evidence notes
The vulnerability was reported by an unknown source and is listed in the NVD database.
Official resources
-
CVE-2026-50211 CVE record
CVE.org
-
CVE-2026-50211 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
8fc372e3-d9c5-46e4-9410-38469745c639 - Mitigation, Vendor Advisory
CVE-2026-50211 was published on 2026-06-04T09:16:29.700Z and modified on 2026-06-04T19:13:04.923Z.