Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-4582

Summary
Assigner-VulDB
Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5
Published At-23 Mar, 2026 | 09:33
Updated At-18 Apr, 2026 | 03:37
Rejected At-
Credits

Shenzhen HCC Technology MPOS M6 PLUS Bluetooth missing authentication

A security vulnerability has been detected in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. Affected by this vulnerability is an unknown functionality of the component Bluetooth. Such manipulation leads to missing authentication. The attack must be carried out from within the local network. Attacks of this nature are highly complex. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulDB
Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5
Published At:23 Mar, 2026 | 09:33
Updated At:18 Apr, 2026 | 03:37
Rejected At:
â–¼CVE Numbering Authority (CNA)
Shenzhen HCC Technology MPOS M6 PLUS Bluetooth missing authentication

A security vulnerability has been detected in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. Affected by this vulnerability is an unknown functionality of the component Bluetooth. Such manipulation leads to missing authentication. The attack must be carried out from within the local network. Attacks of this nature are highly complex. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Products
Vendor
Shenzhen HCC Technology
Product
MPOS M6 PLUS
Modules
  • Bluetooth
Versions
Affected
  • 1V.31-N
Problem Types
TypeCWE IDDescription
CWECWE-306Missing Authentication
CWECWE-287Improper Authentication
Type: CWE
CWE ID: CWE-306
Description: Missing Authentication
Type: CWE
CWE ID: CWE-287
Description: Improper Authentication
Metrics
VersionBase scoreBase severityVector
4.02.3LOW
CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
3.15.0MEDIUM
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
3.05.0MEDIUM
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
2.04.3N/A
AV:A/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
Version: 4.0
Base score: 2.3
Base severity: LOW
Vector:
CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Version: 3.1
Base score: 5.0
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
Version: 3.0
Base score: 5.0
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
Version: 2.0
Base score: 4.3
Base severity: N/A
Vector:
AV:A/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
reporter
davimo (VulDB User)
coordinator
VulDB CNA Team
Timeline
EventDate
Advisory disclosed2026-03-22 00:00:00
VulDB entry created2026-03-22 01:00:00
VulDB entry last update2026-03-23 12:12:52
Event: Advisory disclosed
Date: 2026-03-22 00:00:00
Event: VulDB entry created
Date: 2026-03-22 01:00:00
Event: VulDB entry last update
Date: 2026-03-23 12:12:52
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/vuln/352419
vdb-entry
https://vuldb.com/vuln/352419/cti
signature
permissions-required
https://vuldb.com/submit/775433
third-party-advisory
https://github.com/Davim09/m6plusexploit/blob/main/docs/CVE-1-Authentication.md
exploit
Hyperlink: https://vuldb.com/vuln/352419
Resource:
vdb-entry
Hyperlink: https://vuldb.com/vuln/352419/cti
Resource:
signature
permissions-required
Hyperlink: https://vuldb.com/submit/775433
Resource:
third-party-advisory
Hyperlink: https://github.com/Davim09/m6plusexploit/blob/main/docs/CVE-1-Authentication.md
Resource:
exploit
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cna@vuldb.com
Published At:23 Mar, 2026 | 10:16
Updated At:24 Apr, 2026 | 16:32

A security vulnerability has been detected in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. Affected by this vulnerability is an unknown functionality of the component Bluetooth. Such manipulation leads to missing authentication. The attack must be carried out from within the local network. Attacks of this nature are highly complex. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.02.3LOW
CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary3.15.0MEDIUM
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Secondary2.04.3MEDIUM
AV:A/AC:H/Au:N/C:P/I:P/A:P
Type: Secondary
Version: 4.0
Base score: 2.3
Base severity: LOW
Vector:
CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 3.1
Base score: 5.0
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Type: Secondary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:A/AC:H/Au:N/C:P/I:P/A:P
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-287Secondarycna@vuldb.com
CWE-306Secondarycna@vuldb.com
CWE ID: CWE-287
Type: Secondary
Source: cna@vuldb.com
CWE ID: CWE-306
Type: Secondary
Source: cna@vuldb.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/Davim09/m6plusexploit/blob/main/docs/CVE-1-Authentication.mdcna@vuldb.com
N/A
https://vuldb.com/submit/775433cna@vuldb.com
N/A
https://vuldb.com/vuln/352419cna@vuldb.com
N/A
https://vuldb.com/vuln/352419/cticna@vuldb.com
N/A
Hyperlink: https://github.com/Davim09/m6plusexploit/blob/main/docs/CVE-1-Authentication.md
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://vuldb.com/submit/775433
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://vuldb.com/vuln/352419
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://vuldb.com/vuln/352419/cti
Source: cna@vuldb.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

6Records found
CVE-2026-4583
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-2.3||LOW
EPSS-0.04% / 11.73%
||
7 Day CHG~0.00%
Published-23 Mar, 2026 | 10:31
Updated-24 Apr, 2026 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Shenzhen HCC Technology MPOS M6 PLUS Bluetooth authentication replay

A vulnerability was detected in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. Affected by this issue is some unknown functionality of the component Bluetooth Handler. Performing a manipulation results in authentication bypass by capture-replay. The attack must originate from the local network. The attack is considered to have high complexity. The exploitation is known to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Shenzhen HCC Technology
Product-MPOS M6 PLUS
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-294
Authentication Bypass by Capture-replay
CVE-2026-2756
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-2.3||LOW
EPSS-0.04% / 11.73%
||
7 Day CHG~0.00%
Published-21 Mar, 2026 | 17:32
Updated-24 Apr, 2026 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OmniPEMF NeoRhythm BLE missing authentication

A security vulnerability has been detected in OmniPEMF NeoRhythm up to 20260308. This affects an unknown function of the component BLE Interface. Such manipulation leads to missing authentication. The attack can only be initiated within the local network. This attack is characterized by high complexity. The exploitability is reported as difficult. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-OmniPEMF
Product-NeoRhythm
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-60251
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.02% / 4.81%
||
7 Day CHG~0.00%
Published-26 Sep, 2025 | 00:00
Updated-26 Sep, 2025 | 14:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unitree Go2, G1, H1, and B2 devices through 2025-09-20 accept any handshake secret with the unitree substring.

Action-Not Available
Vendor-Unitree
Product-B2H1Go2G1
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2013-2193
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 35.91%
||
7 Day CHG~0.00%
Published-29 May, 2014 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache HBase 0.92.x before 0.92.3 and 0.94.x before 0.94.9, when the Kerberos features are enabled, allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-hbasen/a
CWE ID-CWE-287
Improper Authentication
CVE-2011-0011
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.50% / 66.31%
||
7 Day CHG~0.00%
Published-21 Jun, 2012 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

qemu-kvm before 0.11.0 disables VNC authentication when the password is cleared, which allows remote attackers to bypass authentication and establish VNC sessions.

Action-Not Available
Vendor-n/aQEMU
Product-qemun/a
CWE ID-CWE-287
Improper Authentication
CVE-2007-4632
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.26% / 49.22%
||
7 Day CHG~0.00%
Published-31 Aug, 2007 | 23:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco IOS 12.2E, 12.2F, and 12.2S places a "no login" line into the VTY configuration when an administrator makes certain changes to a (1) VTY/AUX or (2) CONSOLE setting on a device without AAA enabled, which allows remote attackers to bypass authentication and obtain a terminal session, a different vulnerability than CVE-1999-0293 and CVE-2005-2105.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-iosn/a
CWE ID-CWE-287
Improper Authentication
Details not found