CVE-2026-49188

Summary

The ai_cmd utility executes with full root permissions. It pipes socket inputs directly to popen(), paving the way for unauthenticated users to execute arbitrary root commands.

Affected Software

VendorProductVersion RangeStatus
AcerConnect M6E 5G Portable WiFi Router* <= M6E_AI_1.00.000019affected

Weaknesses

  • CWE-489: CWE-489: Active Debug Code

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References