Vulnerabilities > Acer

DATE CVE VULNERABILITY TITLE RISK
2023-11-27 CVE-2023-48034 Inadequate Encryption Strength vulnerability in Acer Sk-9662 Firmware
An issue discovered in Acer Wireless Keyboard SK-9662 allows an attacker in physical proximity to both decrypt wireless keystrokes and inject arbitrary keystrokes via use of weak encryption.
low complexity
acer CWE-326
6.1
2023-02-16 CVE-2022-40080 Out-of-bounds Write vulnerability in Acer Aspire E5-475G Firmware 1.21
Stack overflow vulnerability in the Aspire E5-475G's BIOS firmware: in the FpGui module, a second call to GetVariable services allows local attackers to execute arbitrary code in the UEFI DXE phase and gain escalated privileges.
local
low complexity
acer CWE-787
7.8
2022-11-28 CVE-2022-4020 Incorrect Default Permissions vulnerability in Acer products
Vulnerability in the HQSwSmiDxe DXE driver on some consumer Acer Notebook devices may allow an attacker with elevated privileges to modify UEFI Secure Boot settings by modifying an NVRAM variable.
local
low complexity
acer CWE-276
8.2
2022-10-19 CVE-2022-41415 Out-of-bounds Write vulnerability in Acer Altos W2000H-W570H F4 Firmware R01.03.0018
Acer Altos W2000h-W570h F4 R01.03.0018 was discovered to contain a stack overflow in the RevserveMem component.
network
low complexity
acer CWE-787
critical
9.8
2022-03-10 CVE-2022-24285 Improper Authentication vulnerability in Acer Care Center 4.00.3000/4.00.3038
Acer Care Center 4.00.30xx before 4.00.3042 contains a local privilege escalation vulnerability.
local
low complexity
acer CWE-287
7.2
2022-03-10 CVE-2022-24286 Improper Authentication vulnerability in Acer Quickaccess
Acer QuickAccess 2.01.300x before 2.01.3030 and 3.00.30xx before 3.00.3038 contains a local privilege escalation vulnerability.
local
low complexity
acer CWE-287
7.2
2022-01-26 CVE-2021-45975 Untrusted Search Path vulnerability in Acer Care Center
In ListCheck.exe in Acer Care Center 4.x before 4.00.3038, a vulnerability in the loading mechanism of Windows DLLs could allow a local attacker to perform a DLL hijacking attack.
local
acer CWE-426
6.9
2019-12-17 CVE-2019-18670 Untrusted Search Path vulnerability in Acer Quick Access
In the Quick Access Service (QAAdminAgent.exe) in Acer Quick Access V2.01.3000 through 2.01.3027 and V3.00.3000 through V3.00.3008, a REGULAR user can load an arbitrary unsigned DLL into the signed service's process, which is running as NT AUTHORITY\SYSTEM.
local
acer CWE-426
6.9
2017-10-16 CVE-2017-15361 Unspecified vulnerability in Infineon RSA Library and Trusted Platform Firmware
The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA.
4.3
2017-06-08 CVE-2016-5648 Improper Certificate Validation vulnerability in Acer Portal 3.9.3.2006
Acer Portal app before 3.9.4.2000 for Android does not properly validate SSL certificates, which allows remote attackers to perform a man-in-the-middle attack via a crafted SSL certificate.
network
acer CWE-295
4.3