8 matches found
CVE-2026-50226
Fixed AES-128-CBC keys inside the AcerConnect OTA application let attackers forge authorization credentials for arbitrary IMEI numbers. This allows unauthorized actors to list catalog items and extract protected binaries from pre-signed cloud links...
CVE-2026-49197
Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests when Base64 decoding fails...
CVE-2026-50226 Firmware Theft & IMEI Spoofing via Connect-OTA
Fixed AES-128-CBC keys inside the AcerConnect OTA application let attackers forge authorization credentials for arbitrary IMEI numbers. This allows unauthorized actors to list catalog items and extract protected binaries from pre-signed cloud links...
CVE-2026-49197
Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests when Base64 decoding fails...
CVE-2026-49197 Predator Connect W6x: Improper Authentication
Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests when Base64 decoding fails...
EUVD-2026-33264
Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests when Base64 decoding fails...
CVE-2026-49197
Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests when Base64 decoding fails...
PT-2026-44767
Name of the Vulnerable Software and Affected Versions Acer Connect affected versions not specified Description Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header. The system fails to block requests when the Base64 decoding process fails, allowing...