8.3

CVE-2026-49203

Unauthenticated eSIM Configuration Manipulation

Crucial management API endpoints for cellular eSIM allocation do not validate caller authorization, allowing remote profiles to be rewritten or deleted.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AcerConnect M6e 5g Firmware Version <= m6e_ai_1.00.000019
   AcerConnect M6e 5g Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.17% 0.064
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.3 2.8 5.5
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
8fc372e3-d9c5-46e4-9410-38469745c639 7.2 0 0
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://community.acer.com/en/kb/articles/19707
Vendor Advisory
Mitigation