9.8
CVE-2026-49188
- EPSS 0.32%
- Veröffentlicht 04.06.2026 04:08:08
- Zuletzt bearbeitet 04.06.2026 19:40:45
- Quelle 8fc372e3-d9c5-46e4-9410-384697
- CVE-Watchlists
- Unerledigt
Elevated Root Command Execution via ai_cmd Sockets
The ai_cmd utility executes with full root permissions. It pipes socket inputs directly to popen(), paving the way for unauthenticated users to execute arbitrary root commands.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Acer ≫ Connect M6e 5g Firmware Version <= m6e_ai_1.00.000019
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.32% | 0.232 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| 8fc372e3-d9c5-46e4-9410-38469745c639 | 8.7 | 0 | 0 |
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-489 Active Debug Code
The product is released with debugging code still enabled or active.
https://community.acer.com/en/kb/articles/19707