HIGH | CVE-2026-50212 | CNA: Acer

CVE-2026-50212: Arbitrary Remote Device Unbinding

Weak validation logic within device dissociation API routines allows a remote entity to forcefully unbind unrelated user endpoints, causing severe denial of service.

Metrics

CVSS v4.0: 7.1
Severity: HIGH
Fixed in: none published
Affected Products: 1


HarborGuard Analysis

Synopsis

This is an unauthenticated denial-of-service vulnerability in the Acer Connect M6E 5G Portable WiFi Router (firmware M6E_AI_1.00.000019 and earlier). Weak input validation in the device dissociation API allows an attacker on the same local network to forcibly unbind endpoints belonging to other users, requiring no credentials or victim interaction. Successful exploitation causes severe disruption to device availability, effectively knocking connected clients offline. No fix version has been published yet; HarborGuard tracks this advisory for patch availability and will surface a patched-image rebuild as soon as upstream ships one.

HarborGuard Coverage

Detection

Detection is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against customer images, including custom-built images that bundle affected Acer router firmware or management tooling. Any image referencing the affected firmware version is flagged automatically.

Status: Available

Triage

HarborGuard is capable of scoring this finding at CVSS 7.1 (High) and weighting it against each environment's compliance policy to determine urgency. Triage routing to the appropriate team inbox within each customer organization is available based on policy configuration.

Status: Available

Patch

Because no fix version has been published upstream, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available the moment Acer releases a remediated firmware version. Customers with auto-remediation enabled will receive a rebuild, a regression-test run, and a PR opened against affected workloads automatically at that point.

Status: Pending upstream

Exploit Conditions

  • Network reachability

    The attacker must be on the same adjacent network (LAN, Wi-Fi segment, or VPN) as the target device; remote internet-based exploitation is not possible with this vector.

  • Authentication: Not required

    No account credentials or session tokens are needed; the vulnerable API endpoint accepts unauthenticated requests.

  • Victim interaction: Not required

    The attacker does not need any user to click a link or take any action; the exploit is sent directly to the device.

  • Attack complexity

    Exploitation is reliable and condition-free; no race conditions, special memory layouts, or environmental dependencies are required.

Blast Radius

  • Crashes or disrupts the availability of the targeted router's device-association service, taking it offline.
  • Forcibly unbinds connected client endpoints, severing active network sessions for all affected users on the segment.
  • Sustained exploitation can prevent clients from re-associating, extending the denial-of-service beyond the initial attack.

How HarborGuard Handles This

Available on HarborGuard: because Acer has not yet published a fix for CVE-2026-50212, the platform monitors the advisory on every ingest cycle and will automatically make a patched-image rebuild available as soon as an upstream fix is released. For customers with auto-remediation enabled, that will trigger a rebuild, a regression-test run, and a PR opened against affected workloads without manual intervention. In the interim, compensating controls worth evaluating include network-policy isolation to restrict adjacency to the router management interface, egress filtering to limit which hosts can reach the dissociation API endpoint, and disabling remote management features via feature-flag or firewall rule where the deployment model allows. These controls reduce the pool of hosts from which an unauthenticated attacker could reach the vulnerable API. HarborGuard will surface the patched rebuild and send policy-weighted alerts to the configured team inboxes as soon as upstream availability is confirmed.

Affected packages
  • Acer / Connect M6E 5G Portable WiFi Router
    ≤ M6E_AI_1.00.000019
CVSS Vector
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N