CVE-2026-49188
Analyzed - Analysis Complete
ai_cmd Utility Root Command Injection Vulnerability

Publication date: 2026-06-04

Last updated on: 2026-06-04

Assigner: 8fc372e3-d9c5-46e4-9410-38469745c639

Description
The ai_cmd utility executes with full root permissions. It pipes socket inputs directly to popen(), paving the way for unauthenticated users to execute arbitrary root commands.
Meta Information
Published: 2026-06-04
Last Modified: 2026-06-04
Generated: 2026-06-14
AI Q&A: 2026-06-04
EPSS Evaluated: 2026-06-12
Affected Vendors & Products
Showing 1 associated CPE
Vendor: acer
Product: connect_m6e_5g_firmware
Version / Range: to m6e_ai_1.00.000019 (inc)
CWE ID: CWE-489
CWE Description: The product is released with debugging code still enabled or active.
Executive Summary

The vulnerability exists in the ai_cmd utility, which runs with full root permissions. It takes input from a socket and directly pipes that input to the popen() function without proper authentication or validation. This allows unauthenticated users to execute arbitrary commands with root privileges on the affected system.

Impact Analysis

This vulnerability can have severe impacts because it allows unauthenticated users to execute any command as the root user. This could lead to complete system compromise, unauthorized data access, data modification or deletion, installation of malicious software, and disruption of services.

Compliance Impact

This vulnerability allows unauthenticated users to execute arbitrary root commands, potentially leading to unauthorized access, data manipulation, and exposure of sensitive information.

Such unauthorized access and exposure of sensitive data can result in non-compliance with common standards and regulations like GDPR and HIPAA, which require strict controls over data confidentiality, integrity, and access.

Exploitation of this vulnerability could lead to breaches of personal or protected health information, thereby violating regulatory requirements and potentially resulting in legal and financial consequences.

Mitigation Strategies

To mitigate this vulnerability immediately, users should secure their devices with strong administrative passwords and restrict IPv6 traffic where possible.

Additionally, users are advised to install the forthcoming comprehensive firmware update from Acer as soon as it is released via the device management interface.

Detection Guidance

This vulnerability involves the ai_cmd utility on Acer Connect M6E 5G Portable WiFi Router devices running firmware versions M6E_AI_1.00.000019 or earlier. Detection involves identifying devices running vulnerable firmware and monitoring for unusual command execution or socket activity related to ai_cmd.

To detect the vulnerability on your network or system, you can:

  • Check the firmware version of your Acer Connect M6E device to see if it is M6E_AI_1.00.000019 or earlier.
  • Monitor network traffic for suspicious socket connections to the ai_cmd utility that might indicate attempts to pipe commands.
  • Look for unexpected root-level command executions or processes spawned by ai_cmd.

Suggested commands to assist detection might include:

  • On the device, run a command to check the firmware version, for example: `cat /etc/firmware_version` or check device-specific commands to identify firmware.
  • Use network monitoring tools like `tcpdump` or `wireshark` to capture and analyze socket traffic related to ai_cmd.
  • On the device, check running processes with `ps aux | grep ai_cmd` to see if the utility is active.
  • Review system logs for any suspicious command executions or errors related to ai_cmd.
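
The process check from the list above, as an added example (not code from Acer or from this advisory): because popen() runs its argument through `/bin/sh -c`, anything that reached it shows up as a shell descended from ai_cmd. The `ps` column layout, the sample PIDs and the `/usr/bin/ai_cmd` path are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not vendor code. popen() runs its argument through
# "/bin/sh -c", so a command that reached popen() appears as a shell
# child of ai_cmd, and whatever that shell starts is a grandchild.

# Reads rows in the layout of `ps -eo pid,ppid,user,comm,args` on stdin
# and prints every descendant of a process whose COMM is ai_cmd.
find_ai_cmd_descendants() {
    awk '
        $1 == "PID" { next }                      # header row
        {
            n++; pid[n] = $1; ppid[n] = $2; row[n] = $0
            if ($4 == "ai_cmd") tainted[$1] = 1   # the utility itself
        }
        END {
            do {                                  # walk down the process tree
                changed = 0
                for (i = 1; i <= n; i++)
                    if (!(pid[i] in tainted) && (ppid[i] in tainted)) {
                        tainted[pid[i]] = 1; hit[i] = 1; changed = 1
                    }
            } while (changed)
            for (i = 1; i <= n; i++) if (i in hit) print row[i]
        }'
}

# Constructed sample rows (PIDs, paths and commands are made up).
sample_ps() {
    cat <<'EOF'
PID PPID USER COMM ARGS
1 0 root init /sbin/init
412 1 root ai_cmd /usr/bin/ai_cmd
650 1 root dnsmasq /usr/sbin/dnsmasq
977 412 root sh sh -c id
978 977 root id id
EOF
}

# Live use, assuming the device's ps supports -o:
#   ps -eo pid,ppid,user,comm,args | find_ai_cmd_descendants
sample_ps | find_ai_cmd_descendants
```

Any row this prints on a device that is not actively being debugged is worth investigating, since the description gives no legitimate reason for ai_cmd to spawn shells in normal operation.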

Ultimately, the best mitigation is to update the firmware once the patch is available.
