acer 漏洞與 CVE 列表(53)

產品(CPE): — CVE 數: 53

acer 漏洞概覽

彙總 acer 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。

已披露問題常與 路徑處理缺陷、記憶體損壞與緩衝區溢位 相關,可能在 軟體部署與生產負載 場景中帶來 檔案覆寫與記憶體損壞 等暴露風險。

相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。

漏洞分布趨勢(近 24 個月)

顯示 12053 CVE 數
«« 第一頁 « 上一頁 第 1 / 3 頁 下一頁 »
CVE 摘要 來源 最高 CVSS EPSS % 公開時間 更新時間
CVE-2026-50226 Fixed AES-128-CBC keys inside the AcerConnect OTA application let attackers forge authorization credentials for arbitrary IMEI numbers. This allows unauthorized actors to list catalog items and extract protected binaries from pre-signed cloud links. 8fc372e3-d9c5-46e4-9410-38469745c639 6.9 0.19% 2026-06-04 2026-06-17
CVE-2026-50225 The registration path /v1/account/register provides no bot mitigation mechanisms, allowing malicious automated systems to flood the database. 8fc372e3-d9c5-46e4-9410-38469745c639 8.8 0.24% 2026-06-04 2026-06-17
CVE-2026-50224 The web administration panel binds broadly to the public IPv6 address space on port [::]:8080 without default firewall limits, making internal API endpoints reachable over the WAN. 8fc372e3-d9c5-46e4-9410-38469745c639 6.9 0.23% 2026-06-04 2026-06-17
CVE-2026-50214 The /v1/Plan service relies entirely on a shared global API token for full administrative management, allowing arbitrary creation of zero-cost network access plans. 8fc372e3-d9c5-46e4-9410-38469745c639 9.3 0.17% 2026-06-04 2026-06-17
CVE-2026-50213 The account validation endpoint /v1/User/validate returns comprehensive user profile data sheets, which can be crawled by iterating predictable identification strings. 8fc372e3-d9c5-46e4-9410-38469745c639 8.7 0.24% 2026-06-04 2026-06-17
CVE-2026-50212 Weak validation logic within device dissociation API routines allows a remote entity to forcefully unbind unrelated user endpoints, causing severe denial of service. 8fc372e3-d9c5-46e4-9410-38469745c639 7.1 0.17% 2026-06-04 2026-06-17
CVE-2026-50211 Leftover engineering diagnostics and factory-level diagnostic software remain exposed on retail builds, giving malicious apps write privileges to internal NVRAM registers. 8fc372e3-d9c5-46e4-9410-38469745c639 8.8 0.31% 2026-06-04 2026-06-17
CVE-2026-50210 The device encrypts data using AES-CBC with static zero-filled Initialization Vectors (IVs), making it susceptible to replay attacks and known-plaintext decryption. 8fc372e3-d9c5-46e4-9410-38469745c639 6.9 0.24% 2026-06-04 2026-06-17
CVE-2026-50209 Broadcast events allow malicious software to rewrite the device's default Mobile Device Management (MDM) endpoint address, shifting administrative ownership to an external attacker. 8fc372e3-d9c5-46e4-9410-38469745c639 9.3 0.10% 2026-06-04 2026-06-17
CVE-2026-50208 High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-coded DES symmetric encryption keys, a Man-in-the-Middle (MITM) actor could decrypt network traffic. 8fc372e3-d9c5-46e4-9410-38469745c639 9.2 0.14% 2026-06-04 2026-06-17
CVE-2026-50207 The system Binder boundary accepts unverified pass-through AT commands, giving local applications the power to read baseband files or disable cellular connectivity. 8fc372e3-d9c5-46e4-9410-38469745c639 8.5 0.14% 2026-06-04 2026-06-17
CVE-2026-50206 Incoming VPN network profile settings fail to process special characters safely, enabling command injection via malicious config files. 8fc372e3-d9c5-46e4-9410-38469745c639 8.5 0.72% 2026-06-04 2026-06-17
CVE-2026-50205 System log files output unencrypted SMTP server authentication passwords alongside sensitive employee corporate identification data. 8fc372e3-d9c5-46e4-9410-38469745c639 8.8 0.24% 2026-06-04 2026-06-17
CVE-2026-49204 Leftover debug modules contain fixed credentials for internal AWS Cognito test sandboxes, risking asset exploitation. 8fc372e3-d9c5-46e4-9410-38469745c639 6.9 0.16% 2026-06-04 2026-06-17
CVE-2026-49203 Crucial management API endpoints for cellular eSIM allocation do not validate caller authorization, allowing remote profiles to be rewritten or deleted. 8fc372e3-d9c5-46e4-9410-38469745c639 7.2 0.17% 2026-06-04 2026-06-17
CVE-2026-49202 Internal multimedia session archives are accessible without authentication, exacerbated by loose Cross-Origin Resource Sharing (CORS) rules that allow cross-site theft. 8fc372e3-d9c5-46e4-9410-38469745c639 8.8 0.26% 2026-06-04 2026-06-17
CVE-2026-49194 The debugging routine SCREEN_CLICK(5053) enables a connection to skip the standard device login prompt entirely and directly enter an interactive shell interface. 8fc372e3-d9c5-46e4-9410-38469745c639 9.4 0.23% 2026-06-04 2026-06-17
CVE-2026-49193 Overly permissive configuration settings on cloud storage containers expose active telemetry information publicly to the internet. 8fc372e3-d9c5-46e4-9410-38469745c639 8.7 0.24% 2026-06-04 2026-06-17
CVE-2026-49192 The summary service endpoint suffers from an IDOR vulnerability where it fails to verify user ownership of hardware serial numbers, exposing device data to scraping. 8fc372e3-d9c5-46e4-9410-38469745c639 5.3 0.14% 2026-06-04 2026-06-17
CVE-2026-49191 The production build of the M3WebServer hard-codes its backend API keys, which can be easily intercepted through verbose error handling pages. 8fc372e3-d9c5-46e4-9410-38469745c639 9.3 0.29% 2026-06-04 2026-06-17
«« 第一頁 « 上一頁 第 1 / 3 頁 下一頁 »
cvelogic Threat Intelligence