By weakness (CWE)
CWE-321: related vulnerabilities
CVEs classified under CWE-321. Understanding the weakness class helps prioritize systemic fixes over one-off patches.
1 published vulnerability
- CVE-2026-50226MEDIUM 5.3
The AcerConnect OTA (Over-The-Air) application contains hard-coded encryption keys that attackers can exploit to forge authentication tokens for any device. An attacker with network access can use these fixed keys to pose as legitimate devices by spoofing IMEI numbers, granting them the ability to browse firmware catalogs and download protected binary files that should remain restricted. This is a confidentiality issue—attackers gain unauthorized read access to sensitive data, but cannot currently modify or delete it through this vector.