CVE-2026-50225: CWE-306: Missing Authentication for Critical Function in Acer Connect M6E 5G Portable WiFi Router
CVE-2026-50225 is a high-severity vulnerability in the Acer Connect M6E 5G Portable WiFi Router. The issue involves the registration endpoint /v1/account/register, which lacks bot mitigation mechanisms. This absence of authentication or anti-automation controls allows malicious automated systems to flood the registration database. There is no official patch or remediation level provided by the vendor at this time. The vulnerability has a CVSS 4. 0 base score of 8. 8, indicating a significant security risk. No known exploits are reported in the wild. The vendor has not indicated any mitigation or fix, and patch status is not yet confirmed. No affected countries are specified.
AI Analysis
Technical Summary
CVE-2026-50225 is a vulnerability classified under CWE-306 (Missing Authentication for Critical Function) affecting the Acer Connect M6E 5G Portable WiFi Router. The vulnerability arises because the registration API endpoint (/v1/account/register) does not implement bot mitigation or authentication controls, enabling automated systems to submit large volumes of registration requests. This can lead to database flooding, potentially impacting service availability or integrity. The CVSS 4.0 score of 8.8 reflects network attack vector, no privileges or user interaction required, and high impact on availability. No official patch or remediation guidance is currently available from Acer.
Potential Impact
The vulnerability allows unauthenticated automated systems to flood the registration database via the /v1/account/register endpoint. This can degrade service availability or cause denial of service conditions by overwhelming backend resources. There is no indication of direct data compromise or privilege escalation from the provided information. No known exploits have been reported in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, consider implementing external mitigations such as network-level rate limiting or web application firewalls to detect and block automated registration attempts. Monitor for unusual registration activity. Do not assume the vulnerability is mitigated without vendor confirmation.
CVE-2026-50225: CWE-306: Missing Authentication for Critical Function in Acer Connect M6E 5G Portable WiFi Router
Description
CVE-2026-50225 is a high-severity vulnerability in the Acer Connect M6E 5G Portable WiFi Router. The issue involves the registration endpoint /v1/account/register, which lacks bot mitigation mechanisms. This absence of authentication or anti-automation controls allows malicious automated systems to flood the registration database. There is no official patch or remediation level provided by the vendor at this time. The vulnerability has a CVSS 4. 0 base score of 8. 8, indicating a significant security risk. No known exploits are reported in the wild. The vendor has not indicated any mitigation or fix, and patch status is not yet confirmed. No affected countries are specified.
CVSS v4.0
Score 8.8high
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-50225 is a vulnerability classified under CWE-306 (Missing Authentication for Critical Function) affecting the Acer Connect M6E 5G Portable WiFi Router. The vulnerability arises because the registration API endpoint (/v1/account/register) does not implement bot mitigation or authentication controls, enabling automated systems to submit large volumes of registration requests. This can lead to database flooding, potentially impacting service availability or integrity. The CVSS 4.0 score of 8.8 reflects network attack vector, no privileges or user interaction required, and high impact on availability. No official patch or remediation guidance is currently available from Acer.
Potential Impact
The vulnerability allows unauthenticated automated systems to flood the registration database via the /v1/account/register endpoint. This can degrade service availability or cause denial of service conditions by overwhelming backend resources. There is no indication of direct data compromise or privilege escalation from the provided information. No known exploits have been reported in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, consider implementing external mitigations such as network-level rate limiting or web application firewalls to detect and block automated registration attempts. Monitor for unusual registration activity. Do not assume the vulnerability is mitigated without vendor confirmation.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Acer
- Date Reserved
- 2026-06-04T09:22:14.582Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a214d9ae29bf47b509232e2
Added to database: 6/4/2026, 10:04:10 AM
Last enriched: 6/4/2026, 10:18:27 AM
Last updated: 6/4/2026, 11:08:12 AM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.