Vulnerability in Acer Connect M6e 5g Portable Wifi Router

CVE-2026-50214

The /v1/Plan service relies entirely on a shared global API token for full administrative management, allowing arbitrary creation of zero-cost network access plans.

EPSS: 0.000 (5.4th percentile) — read the EPSS interpretation.

Affected products

Acer Connect M6e 5g Portable Wifi Router

Weakness classification (CWE)

CWE-345 — Insufficient Verification of Data Authenticity

References

8fc372e3-d9c5-46e4-9410-38469745c639