A critical command injection vulnerability in the Acer Connect M6E 5G router's FieldX MDM module allows for arbitrary instruction execution.

The vulnerability exists in the adb messaging topic, which fails to verify payloads before passing them to the Runtime.exec() function. This allows attackers to inject and execute arbitrary commands on the affected device.

The ability to execute arbitrary commands with high privileges provides an attacker with complete control over the device. Given the CVSS score of 9.8, this could lead to the compromise of the local network environment where the router is deployed.

Immediate Action: Apply the latest firmware update provided by Acer to address the command injection flaw in the MDM component.

Proactive Monitoring: Monitor for anomalous adb messaging traffic or unexpected process execution on the router.

Compensating Controls: Disable remote management and ADB-related features if they are not strictly required for current operations.

Public Exploit Available: False

This vulnerability is highly critical due to the ease of command execution. It is imperative that users update their firmware to the latest version to prevent unauthorized system control.