MEDIUM 6.5

CVE-2026-50212: Acer Connect M6E 5G Denial-of-Service API Vulnerability

CVE-2026-50212 is a denial-of-service vulnerability in Acer Connect M6E 5G devices that allows an attacker on the same network segment to remotely disconnect other users' devices without authorization. The flaw stems from inadequate validation in the device dissociation API—the mechanism that normally unbinds user endpoints from the network. An attacker can exploit this to force legitimate users offline, disrupting service availability. No authentication is required, and the attack succeeds with minimal complexity.

Source data · NVD / CISA · public domain

CVSS
3.1 · 6.5 MEDIUM · CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Weaknesses (CWE)
CWE-400
Affected products
2 configuration(s)
Published / Modified
2026-06-04 / 2026-06-17

NVD description (verbatim)

Weak validation logic within device dissociation API routines allows a remote entity to forcefully unbind unrelated user endpoints, causing severe denial of service.

1 reference(s) · View on NVD →

SEC.co analysis · AI-assisted, reviewed against source

Technical summary

The vulnerability resides in device dissociation API routines within Acer Connect M6E 5G firmware. The underlying issue is classified as CWE-400 (Uncontrolled Resource Consumption), indicating improper validation logic that fails to verify the requester's authorization before processing device unbinding requests. The attack vector is adjacent network (AV:A), meaning the attacker must be on the same network segment; however, once positioned, no privilege or user interaction is needed. The result is uncontrolled disruption of device availability for other users.

Business impact

Service disruption affecting users of Acer Connect M6E 5G mobile hotspot devices. An attacker can selectively disconnect competing or targeted users, preventing them from accessing connectivity. In enterprise or shared-access scenarios, this creates a denial-of-service condition that degrades user experience and productivity. The impact is heightened in environments where hotspot connectivity is critical to operations, such as field teams, temporary offices, or backup internet provisioning.

Affected systems

Acer Connect M6E 5G firmware and the Acer Connect M6E 5G device. Organizations and individuals relying on this 5G mobile hotspot should assess whether they have deployed units in network environments where untrusted parties or less-controlled segments are present.

Exploitability

Exploitation requires presence on the same network segment as the target device (adjacent network access). No authentication, privileges, or user interaction are necessary. An attacker can programmatically invoke the dissociation API with crafted requests targeting arbitrary endpoints. The low attack complexity and absence of access controls make this practical to exploit once an attacker gains network proximity. The vulnerability is not currently tracked in CISA's Known Exploited Vulnerabilities catalog.

Remediation

Apply the firmware patch issued by Acer for the Connect M6E 5G. The patch should restore proper authorization validation to the device dissociation API, ensuring that only authorized requests can unbind endpoints. Until patching is feasible, isolate affected devices on trusted network segments and restrict access to the device management interface from untrusted or semi-trusted networks.

Patch guidance

Check Acer's official security advisory and firmware download portal for the latest Connect M6E 5G firmware release addressing CVE-2026-50212. Verify the firmware version before and after deployment. If automatic firmware updates are available through the device settings, enable them. For enterprise deployments, test patched firmware in a lab environment before rolling out to production. Document the patch version applied for compliance and audit records.

Detection guidance

Monitor network traffic for unusual dissociation API calls to the device management interface. Log any successful device unbinding events and correlate them with user-initiated requests—unauthorized dissociations should trigger alerts. Implement network segmentation to limit which devices can reach the management API. Check device logs for failed authentication attempts against the dissociation endpoint. Intrusion detection signatures targeting malformed or suspicious dissociation payloads may help identify attack attempts in real time.

Why prioritize this

Although assigned a MEDIUM CVSS score (6.5), this vulnerability merits prompt attention because it enables straightforward network-adjacent denial of service with no prerequisites. Organizations operating Acer Connect M6E 5G hotspots in environments where network access cannot be fully controlled—such as co-working spaces, public venues, or field operations—face practical exploitation risk. The availability impact is direct and user-facing, making it operationally disruptive even if confidentiality and integrity are not compromised.

Risk score, explained

CVSS 3.1 score of 6.5 (MEDIUM) reflects attack vector AV:A (adjacent network), low attack complexity, no privilege requirement, and high availability impact. The score appropriately captures a network-local threat with significant disruption potential. However, business risk may be higher in scenarios where hotspot availability is mission-critical or where network perimeter controls are weak, warranting consideration of organizational context when prioritizing remediation.

Frequently asked questions

Can this vulnerability be exploited from the internet?

No. The attack vector is adjacent network (AV:A), meaning the attacker must be on the same network segment as the target device. Attacks cannot be launched across the internet or through the device's WAN interface.

Does the attacker need credentials or special privileges?

No. The vulnerability explicitly requires no privileges (PR:N) and no user interaction (UI:N). An unauthenticated party with network proximity can trigger the dissociation API.

What happens if my device is disconnected via this vulnerability?

The device is forcibly unbound from the network by the API, causing you to lose connectivity. The device itself remains functional and can be manually re-associated, but the attack creates an immediate availability disruption.

Will this vulnerability affect my device if I never connect to untrusted networks?

Risk is minimal if your Acer Connect M6E 5G is used exclusively in fully trusted environments. However, if you use it in shared spaces, public venues, or environments where you do not control all other network participants, the risk is elevated until you apply the patch.

This analysis is provided for informational purposes and based on publicly available vulnerability data as of the publication date. Readers should verify all patch versions, firmware URLs, and remediation steps against official Acer security advisories and product documentation. No exploit code or weaponization steps are included. Organizations should conduct their own risk assessment based on network architecture, deployment context, and business requirements. SEC.co makes no warranty regarding the completeness or accuracy of third-party vendor information and recommends direct contact with Acer support for device-specific guidance. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).