VYPR · Vendor CVEs · Acer

All CVEs (58 total · sorted by risk)
  • CVE-2026-50214 · Critical · Jun 4, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    The /v1/Plan service relies entirely on a shared global API token for full administrative management, allowing arbitrary creation of zero-cost network access plans.

  • CVE-2026-50211 · Critical · Jun 4, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    Leftover engineering diagnostics and factory-level diagnostic software remain exposed on retail builds, giving malicious apps write privileges to internal NVRAM registers.

  • CVE-2026-49191 · Critical · Jun 4, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    The production build of the M3WebServer hard-codes its backend API keys, which are disclosed through verbose error-handling pages.

  • CVE-2026-49188 · Critical · Jun 4, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    The ai_cmd utility executes with full root permissions. It pipes socket inputs directly to popen(), paving the way for unauthenticated users to execute arbitrary root commands.

  • CVE-2026-49186 · Critical · Jun 4, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    The local MQTT broker does not enforce topic-level Access Control Lists (ACLs). This allows any client to subscribe using wildcard characters (# or +) to enumerate hidden network devices or publish rogue control commands.

  • CVE-2026-49185 · Critical · Jun 4, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    The FieldX MDM adb messaging topic passes unverified payloads directly into Runtime.exec(), allowing command injection.

  • CVE-2026-49201 · Critical · May 29, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    The upload.cgi binary, responsible for processing device backups, contains a hardcoded AES encryption key. This allows an attacker to decrypt, modify, and re-encrypt system backups, facilitating persistent backdoor injection.

  • CVE-2026-49200 · Critical · May 29, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    The acer_cgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials (for web and Telnet), leading to unauthorized system access.

  • CVE-2026-49199 · Critical · May 29, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target device.

  • CVE-2026-49197 · Critical · May 29, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests when Base64 decoding fails.

  • CVE-2026-50208 · Critical · Jun 4, 2026
    risk 0.61 · cvss 9.4 · epss 0.00

    High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-coded DES symmetric encryption keys, a Man-in-the-Middle (MITM) actor could decrypt network traffic.

  • CVE-2026-50225 · Critical · Jun 4, 2026
    risk 0.59 · cvss 9.1 · epss 0.00

    The registration path /v1/account/register provides no bot mitigation mechanisms, allowing malicious automated systems to flood the database.

  • CVE-2026-49194 · High · Jun 4, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    The debugging routine SCREEN_CLICK(5053) enables a connection to skip the standard device login prompt entirely and directly enter an interactive shell interface.

  • CVE-2026-49190 · High · Jun 4, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    The system fails to check the caller's permissions for several internal operation codes (opcodes), permitting unauthorized application installation or command execution.

  • CVE-2026-49195 · High · May 29, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    Unauthenticated Debug Service. The /sbin/mtk_dut binary is exposed on TCP port 9000 without authentication, allowing any LAN-based attacker to execute arbitrary UCC commands.

  • CVE-2026-49202 · High · Jun 4, 2026
    risk 0.56 · cvss 8.6 · epss 0.00

    Internal multimedia session archives are accessible without authentication, exacerbated by loose Cross-Origin Resource Sharing (CORS) rules that allow cross-site theft.

  • CVE-2026-9789 · High · May 28, 2026
    risk 0.55 · cvss n/a · epss 0.00

    A Local Privilege Escalation (LPE) vulnerability affects Acer NitroSense software versions prior to 3.01.3052. The vulnerability stems from the PSAdminAgent service, which creates a Named Pipe with a weak Access Control List (ACL). This allows any authenticated local user to…

  • CVE-2026-9489 · High · May 25, 2026
    risk 0.55 · cvss n/a · epss 0.00

    NitroSense 3.x before 3.01.3052 contains a Local Privilege Escalation (LPE) vulnerability. The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing any authenticated local user to execute…

  • CVE-2026-49203 · High · Jun 4, 2026
    risk 0.54 · cvss 8.3 · epss 0.00

    Crucial management API endpoints for cellular eSIM allocation do not validate caller authorization, allowing remote profiles to be rewritten or deleted.

  • CVE-2026-50205 · High · Jun 4, 2026
    risk 0.53 · cvss 8.2 · epss 0.00

    System log files output unencrypted SMTP server authentication passwords alongside sensitive employee corporate identification data.

  • CVE-2026-50209 · High · Jun 4, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Broadcast events allow malicious software to rewrite the device's default Mobile Device Management (MDM) endpoint address, shifting administrative ownership to an external attacker.

  • CVE-2026-50207 · High · Jun 4, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    The system Binder boundary accepts unverified pass-through AT commands, giving local applications the power to read baseband files or disable cellular connectivity.

  • CVE-2026-49189 · High · Jun 4, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Unchecked public access permissions on a core Broadcast Receiver allow unauthorized local software components to invoke administrative operations.

  • CVE-2019-25302 · High · Feb 6, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Acer Launch Manager 6.1.7600.16385 contains an unquoted service path vulnerability in the DsiWMIService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Launch Manager\dsiwmis.exe to…

  • CVE-2020-36976 · High · Jan 27, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Acer Global Registration Service 1.0.0.3 contains an unquoted service path vulnerability in its service configuration that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\Acer\Registration\ to inject…

  • CVE-2021-47823 · High · Jan 16, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Acer ePowerSvc 6.0.3008.0 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with…

  • CVE-2025-14305 · High · Dec 17, 2025
    risk 0.51 · cvss 7.8 · epss 0.00

    ListCheck.exe developed by Acer has a Local Privilege Escalation vulnerability. Authenticated local attackers can replace ListCheck.exe with a malicious executable of the same name, which will be executed by the system and result in privilege escalation.

  • CVE-2026-50213 · High · Jun 4, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    The account validation endpoint /v1/User/validate returns full user profile records, which can be harvested by iterating predictable identifiers.

  • CVE-2026-50210 · High · Jun 4, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    The device encrypts data using AES-CBC with static zero-filled Initialization Vectors (IVs), making it susceptible to replay attacks and known-plaintext decryption.

  • CVE-2026-49193 · High · Jun 4, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Overly permissive configuration settings on cloud storage containers expose active telemetry information publicly to the internet.

  • CVE-2026-49187 · High · Jun 4, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Hard-coded credentials in the APK resource files never expire, and the shared secret leads to information leaks and potential misuse.

  • CVE-2026-49196 · High · May 29, 2026
    risk 0.47 · cvss 7.2 · epss 0.00

    The Wi-Fi device blocking feature fails to sanitize MAC address input, allowing injection and execution of arbitrary shell commands.

  • CVE-2026-50206 · Medium · Jun 4, 2026
    risk 0.44 · cvss 6.8 · epss 0.01

    Incoming VPN network profile settings fail to process special characters safely, enabling command injection via malicious config files.

  • CVE-2026-50212 · Medium · Jun 4, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    Weak validation logic within device dissociation API routines allows a remote entity to forcefully unbind unrelated user endpoints, causing severe denial of service.

  • CVE-2026-49204 · Medium · Jun 4, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    Leftover debug modules contain fixed credentials for internal AWS Cognito test sandboxes, risking asset exploitation.

  • CVE-2026-9490 · Medium · May 25, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    A security vulnerability has been identified in Acer Care Center where the ACCSvc service creates a Named Pipe with a weak Security Descriptor. This vulnerability allows an authenticated local user to connect and send a specially crafted message (message type 0x03) to the pipe,…

  • CVE-2026-49192 · Medium · Jun 4, 2026
    risk 0.35 · cvss 5.4 · epss 0.00

    The summary service endpoint suffers from an IDOR vulnerability where it fails to verify user ownership of hardware serial numbers, exposing device data to scraping.

  • CVE-2016-5648 · Medium · Jun 8, 2017
    risk 0.35 · cvss 5.3 · epss 0.01

    Acer Portal app before 3.9.4.2000 for Android does not properly validate SSL certificates, which allows remote attackers to perform a Man-in-the-middle attack via a crafted SSL certificate.

  • CVE-2026-50226 · Medium · Jun 4, 2026
    risk 0.34 · cvss 5.3 · epss 0.00

    Fixed AES-128-CBC keys inside the AcerConnect OTA application let attackers forge authorization credentials for arbitrary IMEI numbers. This allows unauthorized actors to list catalog items and extract protected binaries from pre-signed cloud links.

  • CVE-2026-50224 · Medium · Jun 4, 2026
    risk 0.32 · cvss 4.9 · epss 0.00

    The web administration panel binds to all IPv6 addresses ([::]:8080) with no default firewall restriction, making internal API endpoints reachable from the WAN.

  • CVE-2026-49198 · Medium · May 29, 2026
    risk 0.32 · cvss 4.9 · epss 0.00

    Improper access control in the MQTT broker allows wildcard topic subscriptions, exposing all MQTT traffic to unauthorized actors.

  • CVE-2006-6121 · Nov 26, 2006
    risk 0.04 · cvss n/a · epss 0.12

    Acer Notebook LunchApp.APlunch ActiveX control allows remote attackers to execute arbitrary commands by calling the Run method.

  • CVE-2023-48034 · Nov 27, 2023
    risk 0.00 · cvss n/a · epss 0.00

    An issue discovered in Acer Wireless Keyboard SK-9662 allows attacker in physical proximity to both decrypt wireless keystrokes and inject arbitrary keystrokes via use of weak encryption.

  • CVE-2022-40080 · Feb 16, 2023
    risk 0.00 · cvss n/a · epss 0.00

    Stack overflow vulnerability in the Aspire E5-475G's BIOS firmware, in the FpGui module: a second call to the GetVariable service allows local attackers to execute arbitrary code in the UEFI DXE phase and gain escalated privileges.

  • CVE-2022-41415 · Oct 19, 2022
    risk 0.00 · cvss n/a · epss 0.01

    Acer Altos W2000h-W570h F4 R01.03.0018 was discovered to contain a stack overflow in the RevserveMem component. This vulnerability allows attackers to cause a Denial of Service (DoS) via injecting crafted shellcode into the NVRAM variable.

  • CVE-2022-30426 · Sep 22, 2022
    risk 0.00 · cvss n/a · epss 0.00

    There is a stack buffer overflow vulnerability, which could lead to arbitrary code execution in UEFI DXE driver on some Acer products. An attack could exploit this vulnerability to escalate privilege from ring 3 to ring 0, and hijack control flow during UEFI DXE execution. This…

  • CVE-2022-24285 · Mar 8, 2022
    risk 0.00 · cvss n/a · epss 0.00

    Acer Care Center 4.00.30xx before 4.00.3042 contains a local privilege escalation vulnerability. The user process communicates with a service of system authority called ACCsvc through a named pipe. In this case, the Named Pipe is also given Read and Write rights to the general…

  • CVE-2022-24286 · Mar 8, 2022
    risk 0.00 · cvss n/a · epss 0.00

    Acer QuickAccess 2.01.300x before 2.01.3030 and 3.00.30xx before 3.00.3038 contains a local privilege escalation vulnerability. The user process communicates with a service of system authority through a named pipe. In this case, the Named Pipe is also given Read and Write rights…

  • CVE-2021-45975 · Jan 26, 2022
    risk 0.00 · cvss n/a · epss 0.01

    In ListCheck.exe in Acer Care Center 4.x before 4.00.3038, a vulnerability in the loading mechanism of Windows DLLs could allow a local attacker to perform a DLL hijacking attack. This vulnerability is due to incorrect handling of directory search paths at run time. An attacker…

  • CVE-2019-18670 · Dec 17, 2019
    risk 0.00 · cvss n/a · epss 0.01

    In the Quick Access Service (QAAdminAgent.exe) in Acer Quick Access V2.01.3000 through 2.01.3027 and V3.00.3000 through V3.00.3008, a REGULAR user can load an arbitrary unsigned DLL into the signed service's process, which is running as NT AUTHORITY\SYSTEM. This is a DLL…
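Several entries above are one bug class: untrusted text handed to a shell for re-parsing. CVE-2026-49188 pipes socket input into popen(), CVE-2026-49196 interpolates an unsanitized MAC address, CVE-2026-50206 passes VPN profile characters through unsafely, and CVE-2026-49185 feeds payloads to Runtime.exec(). The following is an added example, not code from Acer or from any affected product: the iptables command line, the two-word control-socket grammar and the sample inputs are assumptions chosen to show the vulnerable sink beside a hardened dispatcher.

```python
import re
import shlex
import subprocess

# Strict grammars for the only two argument types the control socket accepts (assumed for the demo).
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([:-])(?:[0-9A-Fa-f]{2}\1){4}[0-9A-Fa-f]{2}$")
HOST_RE = re.compile(r"^[A-Za-z0-9.-]{1,253}$")


def vulnerable_block_line(mac: str) -> str:
    """The pattern the advisories describe: untrusted text interpolated into one shell
    string that is then handed to popen()/system(). Because a shell parses it,
    ';', '|', '$(...)' and backticks inside `mac` become additional commands."""
    return f"iptables -A INPUT -m mac --mac-source {mac} -j DROP"


def shell_would_see(line: str) -> list[str]:
    """Tokenize a line the way a POSIX shell does (';' etc. split commands), to show
    an injected command surviving as its own word."""
    lex = shlex.shlex(line, posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    return list(lex)


def is_valid_mac(mac: str) -> bool:
    return MAC_RE.match(mac.strip()) is not None


def normalize_mac(mac: str) -> str:
    if not is_valid_mac(mac):
        raise ValueError(f"rejected MAC address: {mac!r}")
    return mac.strip().replace("-", ":").lower()


def block_mac_argv(mac: str) -> list[str]:
    """Hardened: validate against the grammar, then build an argv list. Executed with
    shell=False, argv goes straight to execve(), so no byte of the input is re-parsed."""
    return ["iptables", "-A", "INPUT", "-m", "mac", "--mac-source", normalize_mac(mac), "-j", "DROP"]


def ping_argv(host: str) -> list[str]:
    # Leading '-' is rejected separately so a hostname cannot become an option.
    if not HOST_RE.match(host) or host.startswith("-"):
        raise ValueError(f"rejected host: {host!r}")
    return ["ping", "-c", "1", host]


# Allowlist: the socket can only ever reach these handlers, never a raw command.
COMMANDS = {"block_mac": block_mac_argv, "ping": ping_argv}


def dispatch(line: str) -> list[str]:
    """Parse one line read from the control socket (the ai_cmd pattern) into a safe argv."""
    parts = line.strip().split()
    if len(parts) != 2:
        raise ValueError("expected '<command> <argument>'")
    verb, arg = parts
    if verb not in COMMANDS:
        raise ValueError(f"unknown command: {verb!r}")
    return COMMANDS[verb](arg)


def run(argv: list[str]) -> subprocess.CompletedProcess:
    # shell=False is the point; the service should also hold only CAP_NET_ADMIN, not uid 0.
    return subprocess.run(argv, shell=False, capture_output=True, text=True, timeout=10, check=False)


if __name__ == "__main__":
    payload = "00:11:22:33:44:55;reboot"          # constructed attacker input
    print(shell_would_see(vulnerable_block_line(payload)))
    print(dispatch("block_mac 00-11-22-33-44-55"))
```

The same shape fits the VPN profile case: parse the config into typed fields, validate each against a grammar, and pass them as argv, never as a line.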
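CVE-2026-49186 and CVE-2026-49198 describe a broker with no topic-level ACL, so any client can subscribe with `#` or `+` and see every device. The following added example (not the device's broker and not Acer code) implements MQTT filter matching as the spec defines it and a default-deny subscribe ACL that only grants a filter when every topic it could match is covered by a granted pattern. The topic names, client ids and the mosquitto-style `%c` expansion are assumptions for the demonstration.

```python
# Constructed sample of topics such a broker might carry (not captured from any product).
SAMPLE_TOPICS = [
    "devices/cam01/status",
    "devices/cam01/cmd",
    "devices/cam02/status",
    "devices/cam02/cmd",
    "mdm/enroll",
    "$SYS/broker/uptime",
]


def validate_filter(topic_filter: str) -> None:
    """Reject filters that break the MQTT wildcard rules ('#' only as the whole last
    level, '+' only as a whole level)."""
    if not topic_filter:
        raise ValueError("empty topic filter")
    levels = topic_filter.split("/")
    for i, level in enumerate(levels):
        if "#" in level and (level != "#" or i != len(levels) - 1):
            raise ValueError(f"'#' must be the whole last level: {topic_filter!r}")
        if "+" in level and level != "+":
            raise ValueError(f"'+' must occupy a whole level: {topic_filter!r}")


def topic_matches(topic_filter: str, topic: str) -> bool:
    """Spec matching: '+' is one level, '#' is the parent level plus everything below."""
    validate_filter(topic_filter)
    if topic.startswith("$") and topic_filter[0] in "#+":
        return False  # wildcards never match $-prefixed system topics
    f_levels = topic_filter.split("/")
    t_levels = topic.split("/")
    i = 0
    while i < len(f_levels):
        if f_levels[i] == "#":
            return True
        if i >= len(t_levels):
            return False
        if f_levels[i] != "+" and f_levels[i] != t_levels[i]:
            return False
        i += 1
    return i == len(t_levels)


def received_by(topic_filter: str, topics) -> list[str]:
    """What a subscriber with this filter would receive from the sample traffic."""
    return [t for t in topics if topic_matches(topic_filter, t)]


def filter_covered(pattern: str, requested: str) -> bool:
    """True when every topic `requested` could match is also matched by `pattern`."""
    p = pattern.split("/")
    r = requested.split("/")
    i = 0
    while i < len(p):
        if p[i] == "#":
            return True
        if i >= len(r) or r[i] == "#":
            return False  # the request reaches further down the tree than the grant
        if p[i] != "+" and p[i] != r[i]:
            return False  # a '+' in the request is broader than a literal in the grant
        i += 1
    return i == len(r)


# Per-client subscribe grants; "%c" expands to the client id (assumed mosquitto-style pattern).
ACL = {
    "cam01": ["devices/%c/#"],
    "mdm-server": ["devices/#", "mdm/#"],
}


def acl_allows_subscribe(acl, client_id: str, requested: str) -> bool:
    """Default deny: a subscription is granted only if some pattern covers it entirely."""
    validate_filter(requested)
    for pattern in acl.get(client_id, []):
        if filter_covered(pattern.replace("%c", client_id), requested):
            return True
    return False


def no_acl_allows_subscribe(client_id: str, requested: str) -> bool:
    """The vulnerable behaviour: any syntactically valid filter is accepted for anyone."""
    validate_filter(requested)
    return True


if __name__ == "__main__":
    print("no ACL, '#' receives:", received_by("#", SAMPLE_TOPICS))
    print("cam01 may subscribe '#':", acl_allows_subscribe(ACL, "cam01", "#"))
```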
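CVE-2026-49197 describes endpoints that stop blocking a request when the Authorization header fails to Base64-decode. The added example below (not the product's code) puts a fail-open parser beside a fail-closed one; the Basic scheme, the credential store and the password are constructed for the demonstration.

```python
import base64
import binascii
import hashlib
import hmac

# Constructed credential store for the demo (username -> (salt, PBKDF2 hash)); not from the product.
_SALT = b"constructed-demo-salt"
_ITER = 50_000


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, _ITER)


USERS = {"admin": (_SALT, _hash("correct horse battery staple", _SALT))}


def _check_password(user: str, password: str) -> bool:
    record = USERS.get(user)
    if record is None:
        _hash(password, _SALT)  # same work for unknown users: no username oracle via timing
        return False
    salt, expected = record
    return hmac.compare_digest(_hash(password, salt), expected)


def authorize_vulnerable(header: str) -> bool:
    """Fail-open: any exception while decoding skips the credential check entirely.
    'Basic !!!!' decodes to b'' (non-alphabet bytes are silently dropped by default),
    the unpack raises, and the request is let through."""
    try:
        _scheme, token = header.split(" ", 1)
        user, password = base64.b64decode(token).decode("utf-8").split(":", 1)
    except Exception:
        return True
    return _check_password(user, password)


def authorize_hardened(header: str) -> bool:
    """Fail-closed: every malformed shape is rejected before any credential check."""
    if not header:
        return False
    parts = header.split(" ", 1)
    if len(parts) != 2 or parts[0].lower() != "basic":
        return False
    try:
        # validate=True makes stray characters an error instead of silently discarding them.
        decoded = base64.b64decode(parts[1].strip(), validate=True).decode("utf-8")
    except (binascii.Error, ValueError, UnicodeDecodeError):
        return False
    if ":" not in decoded:
        return False
    user, password = decoded.split(":", 1)
    return _check_password(user, password)


def basic_header(user: str, password: str) -> str:
    return "Basic " + base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")


if __name__ == "__main__":
    for h in (basic_header("admin", "correct horse battery staple"), "Basic !!!!", "Basic ////"):
        print(repr(h), "vulnerable:", authorize_vulnerable(h), "hardened:", authorize_hardened(h))
```

The check a reviewer wants in such handlers is that every `except` on the authentication path returns a denial, and that the decode step is strict; a header that decodes to non-UTF-8 bytes (`////`) trips the same fail-open branch as an invalid alphabet.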
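CVE-2019-25302, CVE-2020-36976 and CVE-2021-47823 are unquoted service paths. The added example below (not Acer's code) enumerates the executables Windows probes for such a path, using the path quoted in the CVE-2019-25302 entry as its input, reports the directories in which a planted file would be started instead of the real binary, and shows the one-line fix. The registry scan at the end only does anything on Windows; the decision about which of those directories a low-privileged user can write to is left to the operator.

```python
import ntpath
import re
import sys


def _split_path_and_args(image_path: str) -> tuple[str, str]:
    """Treat everything up to the first '.exe' as the executable path; the rest are arguments."""
    m = re.search(r"\.exe\b", image_path, re.IGNORECASE)
    return (image_path[:m.end()], image_path[m.end():]) if m else (image_path, "")


def unquoted_path_candidates(image_path: str) -> list[str]:
    """Executables Windows may try for a service ImagePath, in probe order.

    For an unquoted path containing spaces, CreateProcess treats each space as a
    possible end of the executable name and tries the prefix before it (appending
    .exe when the prefix has no extension) before falling back to the full path.
    A quoted path is unambiguous and yields a single candidate.
    """
    s = image_path.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return [s[1:end] if end > 0 else s.strip('"')]
    path, _args = _split_path_and_args(s)
    candidates = []
    for m in re.finditer(" ", path):
        prefix = path[:m.start()]
        if not ntpath.splitext(prefix)[1]:
            prefix += ".exe"
        candidates.append(prefix)
    candidates.append(path)
    return candidates


def is_unquoted_with_spaces(image_path: str) -> bool:
    return len(unquoted_path_candidates(image_path)) > 1


def hijack_directories(image_path: str) -> list[str]:
    """Directories where a planted file would be picked up before the real binary.
    Exploitability hinges on whether a low-privileged user can create files there."""
    seen: list[str] = []
    for cand in unquoted_path_candidates(image_path)[:-1]:
        d = ntpath.dirname(cand)
        if d not in seen:
            seen.append(d)
    return seen


def quote_image_path(image_path: str) -> str:
    """The fix: wrap the executable portion in double quotes, leaving arguments outside."""
    s = image_path.strip()
    if s.startswith('"'):
        return s
    path, args = _split_path_and_args(s)
    return f'"{path}"{args}'


def scan_services_registry() -> dict[str, list[str]]:
    """Windows only: walk HKLM\\SYSTEM\\CurrentControlSet\\Services\\*\\ImagePath and report
    hijack directories for every unquoted path with spaces. Returns {} elsewhere."""
    if sys.platform != "win32":
        return {}
    import winreg
    findings: dict[str, list[str]] = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, r"SYSTEM\CurrentControlSet\Services") as root:
        for i in range(winreg.QueryInfoKey(root)[0]):
            name = winreg.EnumKey(root, i)
            try:
                with winreg.OpenKey(root, name) as svc:
                    path, _kind = winreg.QueryValueEx(svc, "ImagePath")
            except OSError:
                continue
            if isinstance(path, str) and is_unquoted_with_spaces(path):
                findings[name] = hijack_directories(path)
    return findings


if __name__ == "__main__":
    lm = r"C:\Program Files (x86)\Launch Manager\dsiwmis.exe"   # path from the CVE-2019-25302 entry
    print(unquoted_path_candidates(lm))
    print(hijack_directories(lm))
    print(quote_image_path(lm))
    print(scan_services_registry())
```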

Page 1 of 2