CVE Catalog

CVE-2026-50226

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Summary

Fixed AES-128-CBC keys inside the AcerConnect OTA application allow attackers to forge authorization credentials for arbitrary IMEI numbers. This enables unauthorized actors to list catalog items and extract protected binaries from pre-signed cloud links.

Risk Assessment

The organization is at risk of unauthorized access to data and potential leakage of sensitive information. Attackers may exploit this vulnerability to manipulate data and gain access to protected resources.

Recommendation

It is recommended to update the AcerConnect OTA application to the latest version to mitigate this vulnerability. Additionally, conducting a security audit is advisable to identify and secure other potential vulnerabilities.

Original NVD description (English source)

Fixed AES-128-CBC keys inside the AcerConnect OTA application let attackers forge authorization credentials for arbitrary IMEI numbers. This allows unauthorized actors to list catalog items and extract protected binaries from pre-signed cloud links.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS