CVE-2026-50209
Analyzed Analyzed - Analysis Complete
Malicious MDM Endpoint Rewrite in Device Firmware

Publication date: 2026-06-04

Last updated on: 2026-06-04

Assigner: 8fc372e3-d9c5-46e4-9410-38469745c639

Description
Broadcast events allow malicious software to rewrite the device's default Mobile Device Management (MDM) endpoint address, shifting administrative ownership to an external attacker.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-04
Last Modified
2026-06-04
Generated
2026-06-24
AI Q&A
2026-06-04
EPSS Evaluated
2026-06-23
NVD
CVE-2026-50209
EUVD
EUVD-2026-34221
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
acer connect_m6e_5g_firmware to m6e_ai_1.00.000019 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-732 The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves broadcast events that allow malicious software to rewrite the device's default Mobile Device Management (MDM) endpoint address.

By changing the MDM endpoint, an attacker can shift administrative ownership of the device to themselves.

Impact Analysis

The vulnerability can lead to an external attacker gaining administrative control over your device by changing its MDM endpoint.

This unauthorized control could allow the attacker to manage device settings, deploy malicious configurations, or access sensitive data.

Compliance Impact

This vulnerability allows malicious software to rewrite the device's default Mobile Device Management (MDM) endpoint address, effectively shifting administrative ownership to an external attacker.

Such unauthorized control can lead to unauthorized access to sensitive data, interception of communications, and manipulation of device configurations.

These impacts can compromise the confidentiality, integrity, and availability of data, which are critical requirements under common standards and regulations like GDPR and HIPAA.

Therefore, exploitation of this vulnerability could result in non-compliance with these regulations due to potential data breaches and failure to protect personal or health information.

Detection Guidance

This vulnerability involves malicious software rewriting the device's default Mobile Device Management (MDM) endpoint address, which may not be directly detectable by simple network commands.

To detect signs of exploitation, you can monitor the device configuration for unexpected changes to the MDM endpoint address or unusual administrative ownership shifts.

Additionally, monitoring network traffic for unauthorized or suspicious outbound connections from the device, especially related to MDM communications, may help identify compromise.

Specific commands are not provided in the available resources, but general approaches include checking device configuration files or logs for changes and using network monitoring tools to inspect traffic.

Mitigation Strategies

Immediate mitigation steps include securing the device with strong administrative passwords to prevent unauthorized access.

Restricting IPv6 traffic where possible can reduce the attack surface related to this vulnerability.

Users should apply the forthcoming firmware update from Acer as soon as it is released, which will address this and other identified vulnerabilities.

These updates can be applied via the device management interface.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-50209. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart