Information disclosure in Acer Connect M6e 5g Portable Wifi Router

CVE-2026-50224

The web administration panel binds broadly to the public IPv6 address space on port [::]:8080 without default firewall limits, making internal API endpoints reachable over the WAN.

Vulnerability class: Information Disclosure

EPSS: 0.000 (11.9th percentile) — read the EPSS interpretation.

Affected products

Acer Connect M6e 5g Portable Wifi Router

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

8fc372e3-d9c5-46e4-9410-38469745c639