HIGH CVE-2026-50205 Published Modified CNA Acer

CVE-2026-50205: Plaintext Log Credential Leakage

System log files output unencrypted SMTP server authentication passwords alongside sensitive employee corporate identification data.

Metrics

CVSS v4.0: 8.8
Severity: HIGH
Fixed in:
Affected Products: 1


HarborGuard Analysis

Synopsis

A plaintext credential disclosure vulnerability affects the Acer Connect M6E 5G Portable WiFi Router (firmware version M6E_AI_1.00.000019 and earlier). The router writes SMTP server authentication passwords and sensitive employee corporate identification data in cleartext to system log files, accessible over the network without any authentication. An attacker who can reach the device can read stored credentials and personal identification data directly from logs. No fix version has been published; HarborGuard tracks the advisory and will surface a patched rebuild the moment Acer releases one.

HarborGuard Coverage

Detection: Available

Detection of CVE-2026-50205 is available across every HarborGuard environment. Images are matched against ingested upstream advisory feeds within minutes of publication, including custom-built images that bundle affected Acer firmware or related components.

Triage: Available

HarborGuard is capable of scoring this CVE at CVSS 8.8 (High severity) and weighting it against each customer environment's compliance policy to determine urgency. Triage results are routed to the appropriate team inbox within each customer organization based on configured ownership rules.

Patch: Pending upstream

Because no upstream fix version has been published for this CVE, HarborGuard re-evaluates the advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment Acer publishes a remediated firmware version. For customers with auto-remediation enabled, the rebuild, regression run, and PR against affected workloads will trigger without manual intervention once a fix is available.

Exploit Conditions

  • Network reachability: Required

    The attacker must be able to reach the router's log interface over the network; the vulnerability is exposed remotely without requiring physical or local access.

  • Authentication: Not required

    No credentials or account are needed to exploit this vulnerability; the log files containing plaintext credentials are accessible anonymously.

  • Victim interaction: Not required

    No user action is required; the attacker can retrieve the exposed log data without any victim participation.

  • Attack complexity: Detail

    Exploitation is straightforward and condition-free; no race conditions, memory layout dependencies, or environmental prerequisites stand in the attacker's way.

Blast Radius

  • Reads SMTP server authentication passwords stored in plaintext within system log files, enabling direct reuse of those credentials against the associated mail server.
  • Reads sensitive employee corporate identification data written to the same logs, exposing personal or organizational records to the attacker.
  • Harvested SMTP credentials can be used to send mail as a trusted internal sender, enabling phishing or data exfiltration campaigns from a legitimate account.

How HarborGuard Handles This

Available on HarborGuard: this CVE is ingested from upstream advisory feeds and matched against all images in connected registries and build pipelines, including custom firmware-based images. Because Acer has not yet published a fix, no patched rebuild is available upstream. In the interim, customers can apply compensating controls such as network-policy isolation to restrict access to the router management interface, egress filtering to prevent unauthorized outbound SMTP connections using harvested credentials, and log-access gating to limit which systems or accounts can read device log output. HarborGuard will continue re-checking the advisory each ingest cycle and will surface a patched-image rebuild automatically the moment a fix version is published. For customers with auto-remediation enabled, that rebuild will trigger a regression run and open a PR against affected workloads without requiring manual action.
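As an added example of the log-access gating control (not HarborGuard's or Acer's code), the following redaction pass could sit in front of a log collector so that SMTP passwords and employee identifiers from device logs are never stored downstream. The advisory does not publish the router's log format, so the key names (`password=`, `employee_id=`), the `AUTH PLAIN` line layout and all sample values are assumptions constructed for illustration.

```python
import base64
import re

# Patterns are assumptions: the advisory does not publish the router's log format.
RULES = [
    ("smtp_password", re.compile(r"(?i)\b(pass(?:word|wd)?|pwd)(\s*[=:]\s*)(\S+)")),
    # Base64 is an encoding, not encryption: an AUTH PLAIN/LOGIN blob is a cleartext credential.
    ("smtp_auth_blob", re.compile(r"(?i)\b(AUTH\s+(?:PLAIN|LOGIN))(\s+)([A-Za-z0-9+/]{8,}={0,2})")),
    ("employee_id", re.compile(r"(?i)\b(employee_id)(\s*[=:]\s*)(\S+)")),
]

def redact_line(line):
    """Return (redacted_line, [kinds found]) without keeping the secret value."""
    kinds = []
    for kind, rx in RULES:
        line, n = rx.subn(lambda m: m.group(1) + m.group(2) + "[REDACTED]", line)
        if n:
            kinds.append(kind)
    return line, kinds

def scan(text):
    """Redact every line; report (line_number, kind) for each hit."""
    out, findings = [], []
    for no, line in enumerate(text.splitlines(), 1):
        clean, kinds = redact_line(line)
        out.append(clean)
        findings += [(no, k) for k in kinds]
    return "\n".join(out), findings

# Constructed sample input (not captured from a device).
AUTH_BLOB = base64.b64encode(b"\0alerts@example.com\0Winter2026!").decode()
SAMPLE_LOG = "\n".join([
    "Jan 12 09:14:02 m6e mailer[412]: smtp connect host=mail.example.com port=587",
    "Jan 12 09:14:02 m6e mailer[412]: smtp auth user=alerts@example.com password=Winter2026!",
    "Jan 12 09:14:03 m6e mailer[412]: AUTH PLAIN " + AUTH_BLOB,
    "Jan 12 09:14:05 m6e sysd[88]: employee_id=E-104233 bound to device profile",
    "Jan 12 09:15:00 m6e sysd[88]: wan link up",
])

if __name__ == "__main__":
    redacted, findings = scan(SAMPLE_LOG)
    print(redacted)
    for no, kind in findings:
        print(f"line {no}: {kind}")
```

The findings list records only line numbers and finding types, so the report itself can be shared with the team that owns the affected mail account without re-exposing the secret.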

Affected packages
  • Acer / Connect M6E 5G Portable WiFi Router
    ≤ M6E_AI_1.00.000019
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N