news - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.9	CVE-2026-50210	Weak Static Cryptographic Initialization Vectors_CVE-2026-50210 The device encrypts data using AES-CBC with static zero-filled Initialization Vectors (IVs), making it susceptible to replay attacks and known-plai...	Acer	Connect M6E 5G Portable WiFi Router *	Jun 4, 2026	CVE
CRITICAL 9.3	CVE-2026-50209	MDM Server Registration Overriding_CVE-2026-50209 Broadcast events allow malicious software to rewrite the device's default Mobile Device Management (MDM) endpoint address, shifting administrative ...	Acer	Connect M6E 5G Portable WiFi Router *	Jun 4, 2026	CVE
CRITICAL 9.2	CVE-2026-50208	Permissive TrustAllCerts TLS Verification_CVE-2026-50208 High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-coded DES symmetric encryption keys, a Man-in-the-...	Acer	Connect M6E 5G Portable WiFi Router *	Jun 4, 2026	CVE
HIGH 8.5	CVE-2026-50207	Local Modem Manipulation via Binder Interfaces_CVE-2026-50207 The system Binder boundary accepts unverified pass-through AT commands, giving local applications the power to read baseband files or disable cellu...	Acer	Connect M6E 5G Portable WiFi Router *	Jun 4, 2026	CVE
HIGH 7.2	CVE-2026-3820	Supermicro BMC’s SMTP service contains a command injection vulnerability_CVE-2026-3820 There is a vulnerability in the Supermicro BMC SMTP service at Supermicro AS-2115HS-TNR. An attacker may obtain administrator privileges and inje...	SMCI	AS-2115HS-TNR 01.08.01	Jun 4, 2026	CVE
CRITICAL 9.8	THN:E195CBEDCCA...	CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog_THN:E195CBEDCCA2595694FC42E56D695411 ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi8P5o_wfJsxsTaxY4OONIm2y5N5x9heoFeLchfLU13YA36tGQGJtu00tOCQSKhCTBFobAAWfhXLtNGMu8ZCG...	N/A	N/A	Jun 4, 2026	THN
MEDIUM 4.9	CVE-2026-50219	CVE-2026-50219_CVE-2026-50219 libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset ...	libexpat project	libexpat	Jun 4, 2026	CVE
HIGH 8.5	CVE-2026-49189	Broadcast Receiver Privilege Escalation_CVE-2026-49189 Unchecked public access permissions on a core Broadcast Receiver allow unauthorized local software components to invoke administrative operations.	Acer	Connect M6E 5G Portable WiFi Router *	Jun 4, 2026	CVE
HIGH 8.7	CVE-2026-49188	Elevated Root Command Execution via ai_cmd Sockets_CVE-2026-49188 The ai_cmd utility executes with full root permissions. It pipes socket inputs directly to popen(), paving the way for unauthenticated users to exe...	Acer	Connect M6E 5G Portable WiFi Router *	Jun 4, 2026	CVE
HIGH 8.7	CVE-2026-49187	Hard-coded APK Resource Credentials & Scepters_CVE-2026-49187 The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misuse.	Acer	Connect M6E 5G Portable WiFi Router *	Jun 4, 2026	CVE