CVE-2026-49188

Acer · Connect M6E 5G Portable WiFi Router

The ai_cmd utility on the Acer Connect M6E 5G router runs with root privileges and is vulnerable to unauthenticated command injection via popen().

Executive summary

A critical vulnerability in the ai_cmd utility of the Acer Connect M6E 5G router allows unauthenticated attackers to execute arbitrary code with root-level privileges.

Vulnerability

The ai_cmd utility runs with full root permissions and passes input received over a socket directly to popen() without sanitization. This enables unauthenticated attackers to trigger arbitrary command execution with the highest level of system privilege.
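The flaw class described above, with one way to avoid it, as an added example that is not Acer's code or part of the original advisory: requests are matched against a fixed allowlist, the argument is validated, and the program is started with execv() so no shell parses the input. The request format, command names, binary paths and function names are hypothetical.

```c
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Flaw class from the advisory, for contrast only (not ai_cmd's real code):
 *   snprintf(cmd, sizeof cmd, "tool %s", socket_input); popen(cmd, "r");
 * popen() hands the string to /bin/sh, so shell metacharacters in the
 * input become part of the command line. */

/* Hypothetical allowlist: request name -> fixed binary, optional argument. */
struct entry { const char *name; const char *path; int takes_arg; };
static const struct entry ALLOWED[] = {
    { "uptime", "/usr/bin/uptime", 0 },
    { "echo",   "/bin/echo",       1 },
};

/* Accept only [A-Za-z0-9._-], 1..64 chars, and no leading '-' so the
 * value cannot be read as an option by the target binary. */
static int arg_ok(const char *s) {
    static const char safe[] = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._-";
    size_t n = strlen(s);
    if (n == 0 || n > 64 || s[0] == '-') return 0;
    return strspn(s, safe) == n;
}

/* Split "name[ arg]" in place and fill argv; 0 on success, -1 on reject. */
int build_argv(char *req, const char *argv[3]) {
    char *arg = strchr(req, ' ');
    if (arg) *arg++ = '\0';
    for (size_t i = 0; i < sizeof ALLOWED / sizeof ALLOWED[0]; i++) {
        if (strcmp(req, ALLOWED[i].name) != 0) continue;
        if ((arg != NULL) != ALLOWED[i].takes_arg) return -1;
        if (arg && !arg_ok(arg)) return -1;
        argv[0] = ALLOWED[i].path; argv[1] = arg; argv[2] = NULL;
        return 0;
    }
    return -1;
}

/* Run a validated request without a shell; returns exit status or -1. */
int run_request(char *req) {
    const char *argv[3]; int st;
    if (build_argv(req, argv) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { execv(argv[0], (char *const *)argv); _exit(127); }
    if (waitpid(pid, &st, 0) < 0 || !WIFEXITED(st)) return -1;
    return WEXITSTATUS(st);
}
```

Anything not on the allowlist is rejected before a process is created, and an accepted argument reaches the target binary as a single argv element rather than as shell text.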

Business impact

Full root compromise allows an attacker to take complete control of the router, potentially leading to persistent malware installation, data interception, and lateral movement within the network. The CVSS score of 9.8 reflects the extreme risk this vulnerability poses to the host system.

Remediation

Immediate Action: Apply the latest firmware update from Acer to patch the ai_cmd utility and sanitize input handling.

Proactive Monitoring: Audit system logs for unauthorized root process execution or suspicious socket activity.

Compensating Controls: Use network segmentation to ensure the device is not reachable from the public internet, limiting the attack surface for unauthenticated exploit attempts.

Exploitation status

Public Exploit Available: False

Analyst recommendation

This is a high-urgency vulnerability because it gives remote, unauthenticated attackers a direct path to command execution as root. Immediate patching is required to prevent total system compromise.