8.3
CVE-2026-49203
- EPSS 0.17%
- Veröffentlicht 04.06.2026 06:25:22
- Zuletzt bearbeitet 04.06.2026 19:38:23
- Quelle 8fc372e3-d9c5-46e4-9410-384697
- CVE-Watchlists
- Unerledigt
Unauthenticated eSIM Configuration Manipulation
Crucial management API endpoints for cellular eSIM allocation do not validate caller authorization, allowing remote profiles to be rewritten or deleted.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Acer ≫ Connect M6e 5g Firmware Version <= m6e_ai_1.00.000019
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.17% | 0.064 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.3 | 2.8 | 5.5 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
|
| 8fc372e3-d9c5-46e4-9410-38469745c639 | 7.2 | 0 | 0 |
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
https://community.acer.com/en/kb/articles/19707