Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1325 CNY

100%
Buy Us a Coffee

CVE-2026-49204— Hard-coded AWS Cognito Testing Accounts

AI Predicted 8.1 Difficulty: Trivial EPSS 0.16% · P5

Affected Version Matrix 1

VendorProductVersion RangeStatus
AcerConnect M6E 5G Portable WiFi Router*≤ M6E_AI_1.00.000019affected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-49204

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Hard-coded AWS Cognito Testing Accounts
Source: NVD (National Vulnerability Database)
Vulnerability Description
Leftover debug modules contain fixed credentials for internal AWS Cognito test sandboxes, risking asset exploitation.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用硬编码的凭证
Source: NVD (National Vulnerability Database)
Vulnerability Title
Acer M6E 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Acer M6E是中国台湾宏碁(Acer)公司的一款便携式5G移动热点设备。 Acer M6E存在安全漏洞,该漏洞源于遗留调试模块包含内部AWS Cognito测试沙箱的固定凭据,可能导致资产被利用。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
AcerConnect M6E 5G Portable WiFi Router * ~ M6E_AI_1.00.000019 -

II. Public POCs for CVE-2026-49204

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-49204

登录查看更多情报信息。

Vendor Advisories for CVE-2026-49204 (1)

Same Patch Batch · Acer · 2026-06-04 · 26 CVEs total

CVE-2026-50224Unauthenticated IPv6 WAN Management Exposure
CVE-2026-50206VPN Command Injection Vulnerability
CVE-2026-50205Plaintext Log Credential Leakage
CVE-2026-50207Local Modem Manipulation via Binder Interfaces
CVE-2026-50226Firmware Theft & IMEI Spoofing via Connect-OTA
CVE-2026-50225Account Creation Exhaustion
CVE-2026-50212Arbitrary Remote Device Unbinding
CVE-2026-50211Exposed Factory Testing App Boundaries
CVE-2026-50209MDM Server Registration Overriding
CVE-2026-50210Weak Static Cryptographic Initialization Vectors
CVE-2026-50213Bulk User Private Data Harvesting
CVE-2026-50208Permissive TrustAllCerts TLS Verification
CVE-2026-50214Shared Secret Quota Inflation
CVE-2026-49203Unauthenticated eSIM Configuration Manipulation
CVE-2026-49186Lack of MQTT Broker Topic Access Control Lists
CVE-2026-49191Exposed Hard-coded M3WebServer Backend API Key
CVE-2026-49189Broadcast Receiver Privilege Escalation
CVE-2026-49190Missing Per-Instruction Authorization Checks
CVE-2026-49192Summary Service Insecure Direct Object Reference
CVE-2026-49202Unverified Meeting Recording Endpoints & Permissive CORS

Showing top 20 of 26 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Connect M6E 5G Portable WiFi Router
Same vendor: Acer
Same weakness: CWE-798

V. Comments for CVE-2026-49204

No comments yet

Leave a comment