CVE-2026-50226 – Firmware Theft & IMEI Spoofing via Connect-OTA

CVE ID :CVE-2026-50226

Published : June 4, 2026, 10:16 a.m. | 16 minutes ago

Description :Fixed AES-128-CBC keys inside the AcerConnect OTA application let attackers forge authorization credentials for arbitrary IMEI numbers. This allows unauthorized actors to list catalog items and extract protected binaries from pre-signed cloud links.

Severity: 6.9 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-8916 – Samsung Open Source rlottie Out-of-Bounds Write

CVE-2026-50225 – Account Creation Exhaustion

CVE-2026-50224 – Unauthenticated IPv6 WAN Management Exposure

CVE-2026-50214 – Shared Secret Quota Inflation