HIGH | CVE-2026-49193 | CNA: Acer

CVE-2026-49193: Publicly Readable AWS S3 Telemetry Buckets

Overly permissive configuration settings on cloud storage containers expose active telemetry information publicly to the internet.

Metrics

  • CVSS v4.0: 8.7
  • Severity: HIGH
  • Fixed in: no fix version published
  • Affected Products: 1

HarborGuard Analysis

Synopsis

This is an information-disclosure vulnerability in the Acer Connect M6E 5G Portable WiFi Router caused by overly permissive AWS S3 bucket configurations that expose active telemetry data publicly over the internet. No authentication is required to reach the affected storage, and the vulnerability is exploitable by any internet-connected client without any user interaction. Successful exploitation allows an attacker to read telemetry information produced by affected devices. No fix version has been published; HarborGuard tracks this advisory and will flag a patched-image rebuild as soon as upstream ships a remediation.

HarborGuard Coverage

Detection

Detection is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against customer images, including custom-built images that bundle the affected router firmware or management software. Any image referencing an affected Acer Connect M6E version at or below M6E_AI_1.00.000019 is flagged automatically.

Status: Available

Triage

HarborGuard scores this CVE at CVSS v4.0 8.7 (HIGH) and applies each customer organization's compliance policy weighting before routing the finding to the appropriate team inbox. Environments with stricter data-exposure policies will see this surfaced at elevated priority given the zero-authentication, internet-reachable nature of the exposure.

Status: Available

Patch

Because no fix version has been published, HarborGuard re-evaluates this advisory on every ingest cycle and will make a patched-image rebuild available the moment upstream publishes a remediation. In the interim, customers can apply compensating controls through network-policy rules to restrict outbound S3 connectivity from affected workloads, reducing exposure until a vendor patch is available.

Status: Pending upstream

Exploit Conditions

  • Network reachability: Required

    The vulnerable S3 buckets are exposed directly over the internet, so an attacker must be able to reach them via a standard network connection.

  • Authentication: Not required

    No credentials or account of any kind are needed; the buckets are publicly readable by any internet client.

  • Victim interaction: Not required

    Exploitation is entirely passive from the attacker's perspective and requires no action by any user or device owner.

  • Attack complexity: Detail

    Exploit conditions are straightforward and reliable, with no race conditions or environmental dependencies required.

Blast Radius

  • An attacker reads live telemetry data emitted by affected Acer Connect M6E routers, which may include network usage patterns, device identifiers, and connectivity metadata.
  • Depending on telemetry scope, the exposed data may reveal internal network topology details or user behavioral patterns tied to the device.
  • Confidentiality of all telemetry stored in the affected buckets is fully compromised; there is no partial-read limitation once the bucket is reached.

How HarborGuard Handles This

Available on HarborGuard: detection for this CVE is matched against images in customer registries and CI pipelines within minutes of ingestion. Because no vendor fix exists today, HarborGuard monitors the advisory each ingest cycle and will automatically trigger a patched-image rebuild and, for customers with auto-remediation enabled, open a PR against affected workloads the moment a fix version is published. While awaiting a vendor patch, customers can reduce exposure by applying network-policy rules that restrict egress from affected containers to AWS S3 endpoints, and by auditing which workloads package or reference the affected firmware version. Where compliance policy permits, HarborGuard can surface these compensating-control recommendations directly in the finding detail for team review.
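
The "at or below M6E_AI_1.00.000019" match from the Detection section, applied to the firmware audit suggested above, as an added example (not HarborGuard's code). The version layout is an assumption inferred from the single version string on this page, and the inventory, hostnames and the `M6E_EU` variant are constructed.

```python
import re

AFFECTED_MAX = "M6E_AI_1.00.000019"  # highest affected version, from the advisory

# Assumed layout, inferred from the one version string on the page:
# <model>_<variant>_<major>.<minor>.<build>, numeric fields zero-padded.
VERSION_RE = re.compile(r"\b(M6E)_([A-Z0-9]+)_(\d+)\.(\d+)\.(\d+)\b")

# Constructed inventory; hostnames, M6E_EU and every version except
# AFFECTED_MAX are made up for the example.
SAMPLE = """\
# host firmware
router-lab-01 firmware=M6E_AI_1.00.000019
router-lab-02 firmware=M6E_AI_1.00.000007
router-lab-03 firmware=M6E_AI_1.00.000021
router-lab-04 firmware=M6E_AI_1.01.000002
router-lab-05 firmware=M6E_EU_1.00.000003
"""


def parse(version):
    """Split a firmware string into (family, numeric tuple)."""
    m = VERSION_RE.fullmatch(version)
    if m is None:
        raise ValueError(f"unrecognised firmware version: {version!r}")
    return (m.group(1), m.group(2)), tuple(int(g) for g in m.group(3, 4, 5))


def is_affected(version, ceiling=AFFECTED_MAX):
    """True/False for the advisory's family, None when the family differs."""
    family, number = parse(version)
    ceiling_family, ceiling_number = parse(ceiling)
    if family != ceiling_family:
        return None  # advisory gives no range for this variant: review by hand
    # Compare as integers: as plain strings "1.0.20" sorts below "1.00.000019".
    return number <= ceiling_number


def scan(text):
    """Return (line number, version, verdict) for each firmware string found."""
    return [
        (lineno, m.group(0), is_affected(m.group(0)))
        for lineno, line in enumerate(text.splitlines(), 1)
        for m in VERSION_RE.finditer(line)
    ]


if __name__ == "__main__":
    for lineno, version, verdict in scan(SAMPLE):
        label = {True: "AFFECTED", False: "not affected", None: "unknown"}[verdict]
        print(f"line {lineno}: {version}: {label}")
```

A `None` verdict marks a variant the advisory does not cover, so it is queued for manual review rather than silently cleared.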

Affected packages
  • Acer / Connect M6E 5G Portable WiFi Router
    ≤ M6E_AI_1.00.000019
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N