CVE-2026-50226

Published: Giu 04, 2026 Last Modified: Giu 04, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 6,9

Source: 8fc372e3-d9c5-46e4-9410-38469745c639

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

Description

AI Translation Available

Fixed AES-128-CBC keys inside the AcerConnect OTA application let attackers forge authorization credentials for arbitrary IMEI numbers. This allows unauthorized actors to list catalog items and extract protected binaries from pre-signed cloud links.

321

Use of Hard-coded Cryptographic Key

Draft

Abstraction: Variant Structure: Simple

Common Consequences

Security Scopes Affected:

Access Control

Potential Impacts:

Bypass Protection Mechanism Gain Privileges Or Assume Identity Read Application Data

Applicable Platforms

Technologies: ICS/OT

Likelihood of Exploit: High

View CWE Details

https://community.acer.com/en/kb/articles/19707

CVE-2026-50226

Description

Use of Hard-coded Cryptographic Key

Common Consequences

Applicable Platforms

Iscriviti alla newsletter