CVE-2026-49186

Acer · Connect M6E 5G Portable WiFi Router

The local MQTT broker on the Acer Connect M6E 5G router fails to enforce ACLs, allowing unauthorized clients to enumerate devices and publish rogue commands.

Executive summary

A critical access control vulnerability in the Acer Connect M6E 5G router’s MQTT broker allows unauthorized clients to manipulate network devices and intercept data.

Vulnerability

The local MQTT broker lacks topic-level Access Control Lists (ACLs), so any client can use wildcard topic filters to subscribe to sensitive topics, enumerate hidden network devices, or publish unauthorized control commands.

Business impact

The lack of access control exposes the internal network architecture and allows rogue control of connected IoT/network devices. With a CVSS score of 9.8, this flaw poses a significant risk to the integrity and availability of the local network environment.

Remediation

Immediate Action: Update to the latest firmware version to ensure proper MQTT broker configuration and ACL enforcement are implemented.

Proactive Monitoring: Monitor MQTT traffic for unexpected subscription patterns or unauthorized publish requests.

Compensating Controls: Isolate the router from untrusted network segments and restrict access to the MQTT broker port (typically 1883) to authorized internal clients only.
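As an added illustration of the monitoring and ACL enforcement items above (example code written for this page, not the vendor's firmware or any component of the router): a small Python audit that parses MQTT 3.1.1 SUBSCRIBE packets, flags wildcard topic filters, and checks each requested filter against a per-client allow-list. The packet bytes, topic names and ACL below are constructed.

```python
# Added example: audit MQTT 3.1.1 SUBSCRIBE packets for wildcard filters and ACL coverage.

def _remaining_length(buf: bytes, pos: int) -> tuple[int, int]:
    """Decode MQTT's variable-length 'remaining length' (1-4 bytes); return (value, next_pos)."""
    value = 0
    for shift in (0, 7, 14, 21):
        byte, pos = buf[pos], pos + 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
    raise ValueError("malformed remaining length")

def parse_subscribe(packet: bytes) -> list[tuple[str, int]]:
    """Return [(topic_filter, qos), ...] from a SUBSCRIBE packet; reject malformed ones."""
    if packet[0] != 0x82:                          # type 8 with reserved flags 0010
        raise ValueError("not a SUBSCRIBE packet")
    remaining, pos = _remaining_length(packet, 1)
    end = pos + remaining
    if end != len(packet):
        raise ValueError("remaining length does not match packet size")
    pos, filters = pos + 2, []                     # skip the 2-byte packet identifier
    while pos < end:
        n = int.from_bytes(packet[pos:pos + 2], "big")
        filters.append((packet[pos + 2:pos + 2 + n].decode(), packet[pos + 2 + n]))
        pos += 3 + n
    if not filters or pos != end:
        raise ValueError("malformed SUBSCRIBE payload")
    return filters

def filter_covered(requested: str, allowed: str) -> bool:
    """True if every topic matched by `requested` is also matched by `allowed`."""
    req, perm = requested.split("/"), allowed.split("/")
    for i, p in enumerate(perm):
        if p == "#":
            return True                            # allowed '#' covers everything below
        if i >= len(req) or req[i] == "#" or (p != "+" and p != req[i]):
            return False                           # requested reaches beyond the grant
    return len(req) == len(perm)

def audit_subscribe(packet: bytes, allowed: list[str]) -> list[dict]:
    """One finding per requested filter: wildcard use and whether the ACL covers it."""
    return [{"filter": f, "wildcard": "#" in f or "+" in f,
             "allowed": any(filter_covered(f, a) for a in allowed)}
            for f, _qos in parse_subscribe(packet)]

# Constructed SUBSCRIBE: packet id 1, filters "devices/#" and "status/client1", both QoS 0.
SAMPLE_SUBSCRIBE = (b"\x82\x1f\x00\x01"                       # fixed header (len 31), packet id
                    b"\x00\x09devices/#\x00"                  # length-prefixed filter + QoS
                    b"\x00\x0estatus/client1\x00")
SAMPLE_ACL = ["status/client1"]                               # constructed per-client grant
```

Running `audit_subscribe(SAMPLE_SUBSCRIBE, SAMPLE_ACL)` marks the `devices/#` filter as a wildcard request outside the grant, which is the subscription pattern a broker with working ACLs would refuse and a monitor should alert on.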

Exploitation status

Public Exploit Available: False

Analyst recommendation

The vulnerability significantly undermines the security of the local network. Organizations should prioritize updating the device firmware to enforce necessary access controls on the MQTT broker.