CVE-2026-50224
Analyzed Analyzed - Analysis Complete
Web Admin Panel IPv6 Exposure on Port 8080

Publication date: 2026-06-04

Last updated on: 2026-06-08

Assigner: 8fc372e3-d9c5-46e4-9410-38469745c639

Description
The web administration panel binds broadly to the public IPv6 address space on port [::]:8080 without default firewall limits, making internal API endpoints reachable over the WAN.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-04
Last Modified
2026-06-08
Generated
2026-06-24
AI Q&A
2026-06-04
EPSS Evaluated
2026-06-23
NVD
CVE-2026-50224
EUVD
EUVD-2026-34229
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
acer connect_m6e_5g_firmware to m6e_ai_1.00.000019 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability occurs because the web administration panel is configured to bind broadly to the public IPv6 address space on port [::]:8080 without any default firewall restrictions.

As a result, internal API endpoints that should normally be protected and accessible only within a private network become reachable over the wide area network (WAN), exposing them to potential unauthorized access.

Impact Analysis

Because internal API endpoints are exposed to the public internet without firewall limits, attackers could potentially access sensitive administrative functions remotely.

This exposure increases the risk of unauthorized access, data leakage, or manipulation of the system through these internal APIs.

Compliance Impact

This vulnerability exposes internal API endpoints over the WAN without firewall restrictions, potentially allowing unauthorized access to sensitive data and device configurations.

Such unauthorized access and exposure of sensitive data could lead to violations of data protection regulations like GDPR and HIPAA, which require strict controls over access to personal and health-related information.

Failure to secure administrative interfaces and protect sensitive data may result in non-compliance with these standards, increasing the risk of data breaches and associated legal and financial penalties.

Detection Guidance

This vulnerability involves the web administration panel binding broadly to the public IPv6 address space on port [::]:8080 without default firewall limits, making internal API endpoints reachable over the WAN.

To detect this vulnerability on your network or system, you can scan for devices exposing port 8080 over IPv6 addresses and check if the web administration panel is accessible externally.

  • Use network scanning tools like nmap to detect open port 8080 on IPv6 addresses: nmap -6 -p 8080 <target-IPv6-range>
  • Attempt to access the web administration panel via a browser or curl to see if it is reachable externally: curl -6 http://[<target-IPv6-address>]:8080
  • Check firewall rules to verify if IPv6 traffic on port 8080 is unrestricted.
Mitigation Strategies

Immediate mitigation steps include securing the device by setting strong administrative passwords and restricting IPv6 traffic where possible.

Users should apply the forthcoming firmware update from Acer as soon as it is released to address all identified vulnerabilities.

  • Set strong administrative passwords on the device.
  • Restrict or block IPv6 traffic to port 8080 on the device using firewall rules.
  • Monitor for firmware updates from Acer and apply them promptly via the device management interface.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-50224. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart