Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1325 CNY

100%
Buy Us a Coffee

CVE-2026-50224— Unauthenticated IPv6 WAN Management Exposure

AI Predicted 9.1 Difficulty: Trivial EPSS 0.23% · P14

Possible ATT&CK Techniques 1AI

T1190 · Exploit Public-Facing Application

Affected Version Matrix 1

VendorProductVersion RangeStatus
AcerConnect M6E 5G Portable WiFi Router*≤ M6E_AI_1.00.000019affected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-50224

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Unauthenticated IPv6 WAN Management Exposure
Source: NVD (National Vulnerability Database)
Vulnerability Description
The web administration panel binds broadly to the public IPv6 address space on port [::]:8080 without default firewall limits, making internal API endpoints reachable over the WAN.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
信息暴露
Source: NVD (National Vulnerability Database)
Vulnerability Title
Acer M6E 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Acer M6E是中国台湾宏碁(Acer)公司的一款便携式5G移动热点设备。 Acer M6E存在安全漏洞,该漏洞源于Web管理面板广泛绑定到公共IPv6地址空间的端口[::]:8080且无默认防火墙限制,可能导致内部API端点通过广域网可达。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
AcerConnect M6E 5G Portable WiFi Router * ~ M6E_AI_1.00.000019 -

II. Public POCs for CVE-2026-50224

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-50224

登录查看更多情报信息。

Vendor Advisories for CVE-2026-50224 (1)

Same Patch Batch · Acer · 2026-06-04 · 26 CVEs total

CVE-2026-49186Lack of MQTT Broker Topic Access Control Lists
CVE-2026-50206VPN Command Injection Vulnerability
CVE-2026-50205Plaintext Log Credential Leakage
CVE-2026-50207Local Modem Manipulation via Binder Interfaces
CVE-2026-50226Firmware Theft & IMEI Spoofing via Connect-OTA
CVE-2026-50225Account Creation Exhaustion
CVE-2026-50212Arbitrary Remote Device Unbinding
CVE-2026-50211Exposed Factory Testing App Boundaries
CVE-2026-50209MDM Server Registration Overriding
CVE-2026-50210Weak Static Cryptographic Initialization Vectors
CVE-2026-50213Bulk User Private Data Harvesting
CVE-2026-50208Permissive TrustAllCerts TLS Verification
CVE-2026-50214Shared Secret Quota Inflation
CVE-2026-49204Hard-coded AWS Cognito Testing Accounts
CVE-2026-49191Exposed Hard-coded M3WebServer Backend API Key
CVE-2026-49189Broadcast Receiver Privilege Escalation
CVE-2026-49190Missing Per-Instruction Authorization Checks
CVE-2026-49192Summary Service Insecure Direct Object Reference
CVE-2026-49202Unverified Meeting Recording Endpoints & Permissive CORS
CVE-2026-49194SCREEN_CLICK Authentication Bypass

Showing top 20 of 26 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Connect M6E 5G Portable WiFi Router
Same vendor: Acer
Same weakness: CWE-200

V. Comments for CVE-2026-50224

No comments yet

Leave a comment