Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target device.
The attacker sends a crafted MQTT message whose content is not properly validated or sanitized by the target device. Improper handling of input data leads to injection and execution of arbitrary system commands (command injection, CWE-77). The exploit does not require any user interaction or account possession on the device — network access to the MQTT service is sufficient.
The attacker obtains remote code execution (RCE) with root privileges, which means full control over the device, ability to modify configuration, steal data, and potential use of the device as an entry point for further actions on the network.
Apply patches available from the manufacturer according to the references (https://community.acer.com/en/kb/articles/19672). Until the update is applied, it is recommended to restrict network access to the MQTT service on vulnerable devices through a firewall or network segmentation.
Versions indicated in the manufacturer's references (Acer); specific models and software versions were not mentioned in the CVE description
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XAcer Predator Connect W6x
HWAcerwszystkie wersjeAcer Predator Connect W6x Firmware
OSAcer≤ w6x_gbl_2.00.000005
Related vulnerabilities
Acer Connect — pominięcie uwierzytelnienia przez błąd walidacji nagłówka Authorization
Unauthenticated Debug Service. The /sbin/mtk_dut binary is exposed on TCP port 9000 without authentication, al...
The Wi-Fi device blocking feature fails to sanitize MAC address input, allowing injection and execution of arb...
Improper access control in the MQTT broker allows wildcard topic subscriptions, exposing all MQTT traffic to u...
Command injection w Acer Connect M6E 5G via FieldX MDM adb messaging