CVE-2026-50226
MediumCVSS 5.3Summary
Fixed AES-128-CBC keys inside the AcerConnect OTA application allow attackers to forge authorization credentials for arbitrary IMEI numbers. This enables unauthorized actors to list catalog items and extract protected binaries from pre-signed cloud links.
Risk Assessment
The organization is at risk of unauthorized access to data and potential leakage of sensitive information. Attackers may exploit this vulnerability to manipulate data and gain access to protected resources.
Recommendation
It is recommended to update the AcerConnect OTA application to the latest version to mitigate this vulnerability. Additionally, conducting a security audit is advisable to identify and secure other potential vulnerabilities.
Original NVD description (English source)
Fixed AES-128-CBC keys inside the AcerConnect OTA application let attackers forge authorization credentials for arbitrary IMEI numbers. This allows unauthorized actors to list catalog items and extract protected binaries from pre-signed cloud links.

