PatchSiren cyber security CVE debrief
CVE-2026-50214 Acer CVE debrief
CVE-2026-50214 is a critical vulnerability with a CVSS score of 9.3, affecting the /v1/Plan service, which relies entirely on a shared global API token for full administrative management. This allows for arbitrary creation of zero-cost network access plans. The vulnerability was published on 2026-06-04T10:16:39.850Z and modified on 2026-06-08T12:56:12.743Z.
- Vendor
- Acer
- Product
- Connect M6E 5G Portable WiFi Router
- CVSS
- CRITICAL 9.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-04
- Original CVE updated
- 2026-06-08
- Advisory published
- 2026-06-04
- Advisory updated
- 2026-06-08
Who should care
Administrators and users of Acer Connect M6E 5G firmware should be aware of this critical vulnerability and take necessary actions to mitigate it.
Technical summary
The /v1/Plan service relies entirely on a shared global API token for full administrative management, allowing arbitrary creation of zero-cost network access plans.
Defensive priority
high
Recommended defensive actions
- Apply patches or updates provided by the vendor (see resourceLinkAnnotations 'ref-4')
- Review and update API tokens and administrative management configurations
Evidence notes
Evidence from NVD (resourceLinkAnnotations 'nvd') and CVE.org (resourceLinkAnnotations 'cve-org') supports the details of this vulnerability.
Official resources
-
CVE-2026-50214 CVE record
CVE.org
-
CVE-2026-50214 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
8fc372e3-d9c5-46e4-9410-38469745c639 - Mitigation, Vendor Advisory
CVE-2026-50214 was published on 2026-06-04T10:16:39.850Z and modified on 2026-06-08T12:56:12.743Z.