CVE-2026-49194
Analyzed Analyzed - Analysis Complete
Debugging Routine Bypass Leads to Shell Access in Device

Publication date: 2026-06-04

Last updated on: 2026-06-04

Assigner: 8fc372e3-d9c5-46e4-9410-38469745c639

Description
The debugging routine SCREEN_CLICK(5053) enables a connection to skip the standard device login prompt entirely and directly enter an interactive shell interface.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-04
Last Modified
2026-06-04
Generated
2026-06-16
AI Q&A
2026-06-04
EPSS Evaluated
2026-06-14
NVD
CVE-2026-49194
EUVD
EUVD-2026-34213
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
acer connect_m6e_5g_firmware to m6e_ai_1.00.000019 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-287 When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves a debugging routine named SCREEN_CLICK(5053) that allows an attacker to bypass the standard device login prompt entirely. By exploiting this routine, the attacker can directly access an interactive shell interface without needing to authenticate.

Impact Analysis

The vulnerability can have a severe impact because it allows unauthorized users to gain direct shell access to the device without any login credentials. This can lead to full control over the device, potentially enabling data theft, system manipulation, or further attacks within the network.

Compliance Impact

This vulnerability allows bypassing the standard device login prompt and directly entering an interactive shell interface, which can lead to unauthorized access to sensitive data and system controls.

Such unauthorized access can result in violations of common security requirements found in standards and regulations like GDPR and HIPAA, which mandate strict access controls and protection of personal and sensitive information.

Therefore, exploitation of this vulnerability could compromise compliance with these regulations by undermining authentication mechanisms and potentially exposing protected data.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-49194. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart