VYPR
Vendor: Acer
Products: 35
CVEs: 58 (71 across products)
Status: Private

Recent CVEs (58)
  • CVE-2026-50214 (Critical), Jun 4, 2026
    risk 0.64 | CVSS 9.8 | EPSS 0.00

    The /v1/Plan service relies entirely on a shared global API token for full administrative management, allowing arbitrary creation of zero-cost network access plans.

  • CVE-2026-50211 (Critical), Jun 4, 2026
    risk 0.64 | CVSS 9.8 | EPSS 0.00

    Leftover engineering diagnostics and factory-level diagnostic software remain exposed on retail builds, giving malicious apps write privileges to internal NVRAM registers.

  • CVE-2026-49191 (Critical), Jun 4, 2026
    risk 0.64 | CVSS 9.8 | EPSS 0.00

    The production build of the M3WebServer hard-codes its backend API keys, which can be easily intercepted through verbose error handling pages.

  • CVE-2026-49188 (Critical), Jun 4, 2026
    risk 0.64 | CVSS 9.8 | EPSS 0.00

    The ai_cmd utility executes with full root permissions. It pipes socket inputs directly to popen(), paving the way for unauthenticated users to execute arbitrary root commands.

  • CVE-2026-49186 (Critical), Jun 4, 2026
    risk 0.64 | CVSS 9.8 | EPSS 0.00

    The local MQTT broker does not enforce topic-level Access Control Lists (ACLs). This allows any client to subscribe using wildcard characters (# or +) to enumerate hidden network devices or publish rogue control commands.

  • CVE-2026-49185 (Critical), Jun 4, 2026
    risk 0.64 | CVSS 9.8 | EPSS 0.00

    The FieldX MDM adb messaging topic passes unverified payloads directly into Runtime.exec(), allowing command/instruction injection.

  • CVE-2026-49201 (Critical), May 29, 2026
    risk 0.64 | CVSS 9.8 | EPSS 0.00

    The upload.cgi binary, responsible for processing device backups, contains a hardcoded AES encryption key. This allows an attacker to decrypt, modify, and re-encrypt system backups, facilitating persistent backdoor injection.

  • CVE-2026-49200 (Critical), May 29, 2026
    risk 0.64 | CVSS 9.8 | EPSS 0.01

    The acer_cgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials (for web and Telnet), leading to unauthorized system access.

  • CVE-2026-49199 (Critical), May 29, 2026
    risk 0.64 | CVSS 9.8 | EPSS 0.01

    Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target device.

  • CVE-2026-49197 (Critical), May 29, 2026
    risk 0.64 | CVSS 9.8 | EPSS 0.00

    Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests when Base64 decoding fails.

  • CVE-2026-50208 (Critical), Jun 4, 2026
    risk 0.61 | CVSS 9.4 | EPSS 0.00

    High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-coded DES symmetric encryption keys, a Man-in-the-Middle (MITM) actor could decrypt network traffic.

  • CVE-2026-50225 (Critical), Jun 4, 2026
    risk 0.59 | CVSS 9.1 | EPSS 0.00

    The registration path /v1/account/register provides no bot mitigation mechanisms, allowing malicious automated systems to flood the database.

  • CVE-2026-49194 (High), Jun 4, 2026
    risk 0.57 | CVSS 8.8 | EPSS 0.00

    The debugging routine SCREEN_CLICK(5053) enables a connection to skip the standard device login prompt entirely and directly enter an interactive shell interface.

  • CVE-2026-49190 (High), Jun 4, 2026
    risk 0.57 | CVSS 8.8 | EPSS 0.00

    The system fails to evaluate instructional permissions over multiple internal operation codes (opcodes), permitting unauthorized application installations or command executions.

  • CVE-2026-49195 (High), May 29, 2026
    risk 0.57 | CVSS 8.8 | EPSS 0.00

    Unauthenticated Debug Service. The /sbin/mtk_dut binary is exposed on TCP port 9000 without authentication, allowing any LAN-based attacker to execute arbitrary UCC commands.

  • CVE-2026-49202 (High), Jun 4, 2026
    risk 0.56 | CVSS 8.6 | EPSS 0.00

    Internal multimedia session archives are accessible without authentication, exacerbated by loose Cross-Origin Resource Sharing (CORS) rules that allow cross-site theft.

  • CVE-2026-9789 (High), May 28, 2026
    risk 0.55 | CVSS (not listed) | EPSS 0.00

    A Local Privilege Escalation (LPE) vulnerability affects Acer NitroSense software versions prior to 3.01.3052. The vulnerability stems from the PSAdminAgent service, which creates a Named Pipe with a weak Access Control List (ACL). This allows any authenticated local user to…

  • CVE-2026-9489 (High), May 25, 2026
    risk 0.55 | CVSS (not listed) | EPSS 0.00

    NitroSense 3.x before 3.01.3052 contains a Local Privilege Escalation (LPE) vulnerability. The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing any authenticated local user to execute…

  • CVE-2026-49203 (High), Jun 4, 2026
    risk 0.54 | CVSS 8.3 | EPSS 0.00

    Crucial management API endpoints for cellular eSIM allocation do not validate caller authorization, allowing remote profiles to be rewritten or deleted.

  • CVE-2026-50205 (High), Jun 4, 2026
    risk 0.53 | CVSS 8.2 | EPSS 0.00

    System log files output unencrypted SMTP server authentication passwords alongside sensitive employee corporate identification data.
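The CVE-2026-49197 entry above describes an Authorization check that fails to block a request when Base64 decoding of the credential throws. The Python below is an added illustration of that bug class, written for this page and not taken from any Acer product: the credential store, the header layout and the function names are constructed assumptions. The vulnerable form records a rejection only after a successful decode, so a malformed credential never trips it; the hardened form starts from deny and refuses on any decode error.

```python
"""HTTP Basic Authorization check that fails open on decode errors, beside a
fail-closed version (added example, not any product's code)."""
import base64
import binascii
import hmac

# Constructed credential store for the demo (assumption, not a real account).
CREDENTIALS = {"installer": "correct horse battery staple"}


def basic_header(user, password):
    """Build a 'Basic <base64(user:password)>' header value for the demo."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return "Basic " + token


def vulnerable_authorize(header):
    """Bug class: rejection is only recorded after a successful decode, so a
    credential that fails Base64 decoding never sets `rejected` and the
    request is allowed through."""
    if not header or not header.startswith("Basic "):
        return False
    rejected = False
    try:
        raw = base64.b64decode(header[len("Basic "):], validate=True).decode("utf-8")
        user, _, password = raw.partition(":")
        if CREDENTIALS.get(user) != password:
            rejected = True
    except (binascii.Error, UnicodeDecodeError):
        pass  # BUG: the error is swallowed and `rejected` stays False
    return not rejected


def hardened_authorize(header):
    """Default deny: only a cleanly decoded, matching credential is accepted,
    and the password comparison is constant-time."""
    if not header or not header.startswith("Basic "):
        return False
    try:
        raw = base64.b64decode(header[len("Basic "):], validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return False  # malformed credential: refuse, never skip the check
    user, sep, password = raw.partition(":")
    expected = CREDENTIALS.get(user)
    if not sep or expected is None:
        return False
    return hmac.compare_digest(expected.encode("utf-8"), password.encode("utf-8"))
```

The two functions differ only in where the default sits: `vulnerable_authorize` starts from "not rejected" and needs the decode to succeed before it can say no, while `hardened_authorize` starts from "denied" and needs every step to succeed before it can say yes. Any input that short-circuits the first function, including bad padding or non-alphabet characters, is accepted by it and refused by the second.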
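The CVE-2026-49186 entry above describes a local MQTT broker with no topic-level ACL, so any client can subscribe with `#` or `+` to enumerate every topic or publish rogue control commands. The Python below is an added example, not code from any Acer product or from any particular broker: it implements MQTT wildcard matching, a subscribe-time check that a requested filter is covered by an allowed one, and contrasts a broker with no ACL against one that enforces it. The client IDs, topics and retained payloads are constructed; handling of `$`-prefixed system topics is left out.

```python
"""MQTT topic-level ACL enforcement (added example, not any product's code).

Wildcard semantics follow MQTT 3.1.1/5: '+' matches exactly one level, '#'
must be the last level and matches that level and everything below it,
including the parent itself ('a/#' matches 'a'). '$'-prefixed system topics
are out of scope here."""


def topic_matches(topic_filter, topic):
    """True iff a concrete topic (no wildcards) matches a topic filter."""
    f_levels = topic_filter.split("/")
    t_levels = topic.split("/")
    for i, f in enumerate(f_levels):
        if f == "#":
            return i == len(f_levels) - 1  # '#' is only valid as the last level
        if i >= len(t_levels):
            return False  # filter is longer than the topic
        if f != "+" and f != t_levels[i]:
            return False
    return len(f_levels) == len(t_levels)


def filter_covers(allowed, requested):
    """True iff every topic matching `requested` also matches `allowed`.

    This is the subscribe-time check: a client asking for a broader filter
    than its ACL grants (e.g. '#' when only 'devices/lamp-1/#' is allowed)
    must be refused, otherwise the wildcard enumerates every topic."""
    a_levels = allowed.split("/")
    r_levels = requested.split("/")
    for i, a in enumerate(a_levels):
        if a == "#":
            return True  # allowed grants the whole subtree from here on
        if i >= len(r_levels):
            return False  # requested is a shorter parent the rule does not include
        r = r_levels[i]
        if r == "#":
            return False  # requested wants a subtree the rule does not grant
        if a != "+" and a != r:
            return False  # literal level must match; '+' in requested is broader
    return len(a_levels) == len(r_levels)


class Broker:
    """Minimal broker model; acl=None models the vulnerable configuration."""

    def __init__(self, acl=None):
        # acl: {client_id: {"subscribe": [filters], "publish": [filters]}}
        self.acl = acl
        self.retained = {}  # topic -> payload

    def can_subscribe(self, client_id, requested_filter):
        if self.acl is None:
            return True  # bug class: '#' and '+' accepted from any client
        rules = self.acl.get(client_id, {}).get("subscribe", [])
        return any(filter_covers(allowed, requested_filter) for allowed in rules)

    def can_publish(self, client_id, topic):
        if self.acl is None:
            return True  # bug class: rogue control commands from any client
        rules = self.acl.get(client_id, {}).get("publish", [])
        return any(topic_matches(allowed, topic) for allowed in rules)

    def enumerate_visible(self, client_id, requested_filter):
        """Retained topics a subscription would reveal; empty if the ACL refuses it."""
        if not self.can_subscribe(client_id, requested_filter):
            return []
        return sorted(t for t in self.retained if topic_matches(requested_filter, t))


# Constructed demo state: three retained topics and one constrained client.
RETAINED = {
    "devices/lamp-1/status": b"on",
    "devices/cam-7/status": b"streaming",
    "gateway/control": b"idle",
}
ACL = {
    "lamp-1": {"subscribe": ["devices/lamp-1/#"], "publish": ["devices/lamp-1/status"]},
}


def demo():
    """Same client, same requests, with and without a topic ACL."""
    no_acl = Broker(acl=None)
    no_acl.retained = dict(RETAINED)
    with_acl = Broker(acl=ACL)
    with_acl.retained = dict(RETAINED)
    return {
        "no_acl_wildcard": no_acl.enumerate_visible("lamp-1", "#"),
        "acl_wildcard": with_acl.enumerate_visible("lamp-1", "#"),
        "acl_sibling_probe": with_acl.enumerate_visible("lamp-1", "devices/+/status"),
        "acl_own_subtree": with_acl.enumerate_visible("lamp-1", "devices/lamp-1/#"),
        "no_acl_rogue_publish": no_acl.can_publish("lamp-1", "gateway/control"),
        "acl_rogue_publish": with_acl.can_publish("lamp-1", "gateway/control"),
    }
```

The point of `filter_covers` is that the ACL decision has to be made on the subscription filter, not on individual topics as they are delivered: a broker that accepts `#` and then filters messages per topic still leaks the topic names, and one that only checks literal prefixes lets `devices/+/status` walk across every sibling device.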