Vulnerabilities > Acer > High

DATE CVE VULNERABILITY TITLE RISK
2023-02-16 CVE-2022-40080 Out-of-bounds Write vulnerability in Acer Aspire E5-475G Firmware 1.21
Stack overflow vulnerability in Aspire E5-475G 's BIOS firmware, in the FpGui module, a second call to GetVariable services allows local attackers to execute arbitrary code in the UEFI DXE phase and gain escalated privileges.
local
low complexity
acer CWE-787
7.8
2022-11-28 CVE-2022-4020 Incorrect Default Permissions vulnerability in Acer products
Vulnerability in the HQSwSmiDxe DXE driver on some consumer Acer Notebook devices may allow an attacker with elevated privileges to modify UEFI Secure Boot settings by modifying an NVRAM variable.
local
low complexity
acer CWE-276
8.2
2022-03-10 CVE-2022-24285 Improper Authentication vulnerability in Acer Care Center 4.00.3000/4.00.3038
Acer Care Center 4.00.30xx before 4.00.3042 contains a local privilege escalation vulnerability.
local
low complexity
acer CWE-287
7.2
2022-03-10 CVE-2022-24286 Improper Authentication vulnerability in Acer Quickaccess
Acer QuickAccess 2.01.300x before 2.01.3030 and 3.00.30xx before 3.00.3038 contains a local privilege escalation vulnerability.
local
low complexity
acer CWE-287
7.2