Vulnerabilities > Acer > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-11-27 CVE-2023-48034 Inadequate Encryption Strength vulnerability in Acer Sk-9662 Firmware
An issue discovered in Acer Wireless Keyboard SK-9662 allows attacker in physical proximity to both decrypt wireless keystrokes and inject arbitrary keystrokes via use of weak encryption.
low complexity
acer CWE-326
6.1
2022-01-26 CVE-2021-45975 Untrusted Search Path vulnerability in Acer Care Center
In ListCheck.exe in Acer Care Center 4.x before 4.00.3038, a vulnerability in the loading mechanism of Windows DLLs could allow a local attacker to perform a DLL hijacking attack.
local
acer CWE-426
6.9
2019-12-17 CVE-2019-18670 Untrusted Search Path vulnerability in Acer Quick Access
In the Quick Access Service (QAAdminAgent.exe) in Acer Quick Access V2.01.3000 through 2.01.3027 and V3.00.3000 through V3.00.3008, a REGULAR user can load an arbitrary unsigned DLL into the signed service's process, which is running as NT AUTHORITY\SYSTEM.
local
acer CWE-426
6.9
2017-10-16 CVE-2017-15361 Unspecified vulnerability in Infineon RSA Library and Trusted Platform Firmware
The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA.
4.3
2017-06-08 CVE-2016-5648 Improper Certificate Validation vulnerability in Acer Portal 3.9.3.2006
Acer Portal app before 3.9.4.2000 for Android does not properly validate SSL certificates, which allows remote attackers to perform a Man-in-the-middle attack via a crafted SSL certificate.
network
acer CWE-295
4.3