5.4
CVE-2026-49192
- EPSS 0.14%
- Veröffentlicht 04.06.2026 05:43:55
- Zuletzt bearbeitet 04.06.2026 19:39:27
- Quelle 8fc372e3-d9c5-46e4-9410-384697
- CVE-Watchlists
- Unerledigt
Summary Service Insecure Direct Object Reference
The summary service endpoint suffers from an IDOR vulnerability where it fails to verify user ownership of hardware serial numbers, exposing device data to scraping.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Acer ≫ Connect M6e 5g Firmware Version <= m6e_ai_1.00.000019
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.14% | 0.035 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.4 | 2.8 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
|
| 8fc372e3-d9c5-46e4-9410-38469745c639 | 5.3 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-639 Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
https://community.acer.com/en/kb/articles/19707