Acer
Products (35 tracked; the 30 listed on this page carry 26, 7, 5, 3, 2, 2, 2, 2 and, for the remaining 22, 1 CVE each; product names were not captured)
Recent CVEs (58 total; 20 most recent shown)

| CVE | Severity | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-50214 | Critical | 0.64 | 9.8 | 0.00 | | Jun 4, 2026 | The /v1/Plan service relies entirely on a shared global API token for full administrative management, allowing arbitrary creation of zero-cost network access plans. |
| CVE-2026-50211 | Critical | 0.64 | 9.8 | 0.00 | | Jun 4, 2026 | Leftover engineering diagnostics and factory-level diagnostic software remain exposed on retail builds, giving malicious apps write privileges to internal NVRAM registers. |
| CVE-2026-49191 | Critical | 0.64 | 9.8 | 0.00 | | Jun 4, 2026 | The production build of the M3WebServer hard-codes its backend API keys, which can be easily intercepted through verbose error handling pages. |
| CVE-2026-49188 | Critical | 0.64 | 9.8 | 0.00 | | Jun 4, 2026 | The ai_cmd utility executes with full root permissions. It pipes socket inputs directly to popen(), allowing unauthenticated users to execute arbitrary root commands. |
| CVE-2026-49186 | Critical | 0.64 | 9.8 | 0.00 | | Jun 4, 2026 | The local MQTT broker does not enforce topic-level Access Control Lists (ACLs). This allows any client to subscribe using wildcard characters (# or +) to enumerate hidden network devices or publish rogue control commands. |
| CVE-2026-49185 | Critical | 0.64 | 9.8 | 0.00 | | Jun 4, 2026 | The FieldX MDM adb messaging topic passes unverified payloads directly into Runtime.exec(), allowing command/instruction injection. |
| CVE-2026-49201 | Critical | 0.64 | 9.8 | 0.00 | | May 29, 2026 | The upload.cgi binary, responsible for processing device backups, contains a hardcoded AES encryption key. This allows an attacker to decrypt, modify, and re-encrypt system backups, facilitating persistent backdoor injection. |
| CVE-2026-49200 | Critical | 0.64 | 9.8 | 0.01 | | May 29, 2026 | The acer_cgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials (for web and Telnet), leading to unauthorized system access. |
| CVE-2026-49199 | Critical | 0.64 | 9.8 | 0.01 | | May 29, 2026 | Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target device. |
| CVE-2026-49197 | Critical | 0.64 | 9.8 | 0.00 | | May 29, 2026 | Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests when Base64 decoding fails. |
| CVE-2026-50208 | Critical | 0.61 | 9.4 | 0.00 | | Jun 4, 2026 | High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-coded DES symmetric encryption keys, a Man-in-the-Middle (MITM) actor could decrypt network traffic. |
| CVE-2026-50225 | Critical | 0.59 | 9.1 | 0.00 | | Jun 4, 2026 | The registration path /v1/account/register provides no bot mitigation mechanisms, allowing malicious automated systems to flood the database. |
| CVE-2026-49194 | High | 0.57 | 8.8 | 0.00 | | Jun 4, 2026 | The debugging routine SCREEN_CLICK(5053) enables a connection to skip the standard device login prompt entirely and directly enter an interactive shell interface. |
| CVE-2026-49190 | High | 0.57 | 8.8 | 0.00 | | Jun 4, 2026 | The system fails to evaluate instructional permissions over multiple internal operation codes (opcodes), permitting unauthorized application installations or command executions. |
| CVE-2026-49195 | High | 0.57 | 8.8 | 0.00 | | May 29, 2026 | Unauthenticated debug service. The /sbin/mtk_dut binary is exposed on TCP port 9000 without authentication, allowing any LAN-based attacker to execute arbitrary UCC commands. |
| CVE-2026-49202 | High | 0.56 | 8.6 | 0.00 | | Jun 4, 2026 | Internal multimedia session archives are accessible without authentication, exacerbated by loose Cross-Origin Resource Sharing (CORS) rules that allow cross-site theft. |
| CVE-2026-9789 | High | 0.55 | — | 0.00 | | May 28, 2026 | A Local Privilege Escalation (LPE) vulnerability affects Acer NitroSense software versions prior to 3.01.3052. The vulnerability stems from the PSAdminAgent service, which creates a Named Pipe with a weak Access Control List (ACL). This allows any authenticated local user to… |
| CVE-2026-9489 | High | 0.55 | — | 0.00 | | May 25, 2026 | NitroSense 3.x before 3.01.3052 contains a Local Privilege Escalation (LPE) vulnerability. The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing any authenticated local user to execute… |
| CVE-2026-49203 | High | 0.54 | 8.3 | 0.00 | | Jun 4, 2026 | Crucial management API endpoints for cellular eSIM allocation do not validate caller authorization, allowing remote profiles to be rewritten or deleted. |
| CVE-2026-50205 | High | 0.53 | 8.2 | 0.00 | | Jun 4, 2026 | System log files output unencrypted SMTP server authentication passwords alongside sensitive employee corporate identification data. |
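CVE-2026-49197 above describes a fail-open check: a request is blocked only when the Base64 decode succeeds and the credentials then fail, so a token that cannot be decoded is never denied. The Python below is an added example, not code from this page, from Acer, or from the Acer Connect app, written to show the weakness class in a generic HTTP Basic handler: the hypothetical authorize_fail_open() reproduces the bug, and authorize_fail_closed() is the default-deny version. The credential store, header values and the helper basic_header() are constructed for the demonstration.

```python
import base64
import binascii
import hmac

# Constructed credential store (hypothetical; not Acer's). A real service
# would hold salted password hashes, not plaintext.
USERS = {"operator": "correct horse battery staple"}


def _credentials_valid(user: str, password: str) -> bool:
    expected = USERS.get(user)
    if expected is None:
        return False
    # Constant-time comparison so a wrong password does not leak via timing.
    return hmac.compare_digest(expected.encode(), password.encode())


def basic_header(user: str, password: str) -> str:
    """Build a well-formed 'Authorization: Basic ...' value for the demo."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def authorize_fail_open(header: str) -> bool:
    """Vulnerable pattern (hypothetical reconstruction of the weakness class,
    not Acer's code): the only place a request is marked as denied sits
    inside the try block, so a decode failure jumps over it and the
    function returns its default, which is 'allow'."""
    scheme, _, token = header.partition(" ")
    if scheme != "Basic":
        return False
    denied = False
    try:
        creds = base64.b64decode(token).decode("utf-8")
        user, _, password = creds.partition(":")
        if not _credentials_valid(user, password):
            denied = True
    except (binascii.Error, UnicodeDecodeError):
        pass  # BUG: a malformed token is ignored instead of rejected
    return not denied


def authorize_fail_closed(header: str) -> bool:
    """Hardened version: default-deny. Every parsing step that can fail
    returns False, and the only path to True is a successful credential
    check."""
    scheme, _, token = header.partition(" ")
    if scheme != "Basic" or not token:
        return False
    try:
        # validate=True rejects characters outside the Base64 alphabet
        # rather than silently discarding them.
        creds = base64.b64decode(token, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return False
    user, sep, password = creds.partition(":")
    if not sep or not user:
        return False
    return _credentials_valid(user, password)


if __name__ == "__main__":
    # Constructed requests: a valid login, a wrong password, a token with
    # bad padding ("abc"), and a token whose bytes are not UTF-8 ("//4=").
    samples = [basic_header("operator", "correct horse battery staple"),
               basic_header("operator", "wrong"), "Basic abc", "Basic //4="]
    for h in samples:
        print(f"{h!r:60} fail-open={authorize_fail_open(h)} "
              f"fail-closed={authorize_fail_closed(h)}")
```

The two malformed tokens are the interesting cases: "abc" fails on padding and "//4=" decodes to bytes that are not UTF-8, and the fail-open handler admits both. The general rule the hardened version follows is that an authorization function has exactly one success path and every exception or early exit is a denial.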
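CVE-2026-49186 (no topic-level ACLs, so any client can subscribe to # or + and enumerate or control devices) and CVE-2026-49199 (crafted MQTT messages reaching a command-injection sink) both come down to a broker that never asks whether a client may read or write a given topic. The Python below is an added example, not this page's or Acer's code and not modelled on any particular broker: it implements MQTT 3.1.1 filter matching and a per-client read/write ACL in which a wildcard subscription is granted only when an explicitly allowed filter covers every topic the request could match. Client ids, topic names and the ACL table are constructed for the demonstration.

```python
from dataclasses import dataclass


def valid_topic(topic: str) -> bool:
    """A publish topic must be non-empty and must not contain wildcards."""
    return bool(topic) and "#" not in topic and "+" not in topic


def valid_filter(filt: str) -> bool:
    """A subscription filter may use '+' for exactly one level and '#' only
    as the whole last level (MQTT 3.1.1 section 4.7)."""
    if not filt:
        return False
    levels = filt.split("/")
    for i, level in enumerate(levels):
        if "#" in level and (level != "#" or i != len(levels) - 1):
            return False
        if "+" in level and level != "+":
            return False
    return True


def topic_matches(filt: str, topic: str) -> bool:
    """True if `filt` matches the concrete `topic`. Filters that start with a
    wildcard never match '$'-prefixed topics such as $SYS/..."""
    if topic.startswith("$") and filt[:1] in ("#", "+"):
        return False
    f, t = filt.split("/"), topic.split("/")
    for i, level in enumerate(f):
        if level == "#":
            return True  # valid_filter() guarantees '#' is the last level
        if i >= len(t) or (level != "+" and level != t[i]):
            return False
    return len(f) == len(t)


def filter_covers(allowed: str, requested: str) -> bool:
    """True if every topic matched by `requested` is also matched by `allowed`,
    i.e. granting `requested` exposes nothing beyond `allowed`."""
    if requested.startswith("$") and allowed[:1] in ("#", "+"):
        return False
    a, r = allowed.split("/"), requested.split("/")
    for i, level in enumerate(a):
        if level == "#":
            return True   # allowed tail swallows whatever remains
        if i >= len(r):
            return False  # requested matches a shorter topic allowed never does
        if r[i] == "#":
            return False  # requested goes multi-level where allowed does not
        if level == "+":
            continue      # any single level, including a requested '+'
        if r[i] == "+" or r[i] != level:
            return False  # requested is broader than a literal level
    return len(a) == len(r)


@dataclass(frozen=True)
class Acl:
    read: tuple   # filters the client may subscribe to
    write: tuple  # filters the client's publish topics must fall under


def authorize_subscribe(acl: Acl, requested: str) -> bool:
    if not valid_filter(requested):
        return False
    return any(filter_covers(allowed, requested) for allowed in acl.read)


def authorize_publish(acl: Acl, topic: str) -> bool:
    if not valid_topic(topic):
        return False
    return any(topic_matches(allowed, topic) for allowed in acl.write)


# Constructed ACL table (hypothetical client ids and topics, not Acer's):
# a camera may read only its own command topic and report only its own
# status; the management console may read all of devices/ and command any one.
ACLS = {
    "cam-lobby": Acl(read=("devices/cam-lobby/cmd",),
                     write=("devices/cam-lobby/status",)),
    "mgmt-console": Acl(read=("devices/#",), write=("devices/+/cmd",)),
}

if __name__ == "__main__":
    checks = [("cam-lobby", "subscribe", "#"),
              ("cam-lobby", "subscribe", "devices/+/cmd"),
              ("cam-lobby", "publish", "devices/cam-door/cmd"),
              ("mgmt-console", "subscribe", "devices/#"),
              ("mgmt-console", "publish", "devices/cam-door/cmd")]
    for client, op, name in checks:
        fn = authorize_subscribe if op == "subscribe" else authorize_publish
        print(f"{client:13} {op:9} {name:25} -> {fn(ACLS[client], name)}")
```

The broker described in CVE-2026-49186 effectively answers True to every one of these questions. With the table above, the camera's attempt to subscribe to # or devices/+/cmd, and to publish a command to another device, are refused, while the console keeps the wide read and narrow write it was granted. Checking coverage rather than plain matching matters: "devices/+/cmd" is not in the camera's read list, but a naive check that only tested whether the requested filter matched an allowed topic would still let it through.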