ByteOS Network

Vulnerability Details :

CVE-2026-4583

Assigner-VulDB

Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5

Published At-23 Mar, 2026 | 10:31

Updated At-25 Mar, 2026 | 14:04

Shenzhen HCC Technology MPOS M6 PLUS Bluetooth authentication replay

A vulnerability was detected in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. Affected by this issue is some unknown functionality of the component Bluetooth Handler. Performing a manipulation results in authentication bypass by capture-replay. The attack must originate from the local network. The attack is considered to have high complexity. The exploitation is known to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:VulDB

Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5

Published At:23 Mar, 2026 | 10:31

Updated At:25 Mar, 2026 | 14:04

▼CVE Numbering Authority (CNA)

Shenzhen HCC Technology MPOS M6 PLUS Bluetooth authentication replay

Affected Products

Vendor

Shenzhen HCC Technology

Product

MPOS M6 PLUS

Modules

Bluetooth Handler

Versions

Affected

1V.31-N

Problem Types

Type	CWE ID	Description
CWE	CWE-294	Authentication Bypass by Capture-replay
CWE	CWE-287	Improper Authentication

Type: CWE

CWE ID: CWE-294

Description: Authentication Bypass by Capture-replay

Type: CWE

CWE ID: CWE-287

Description: Improper Authentication

Metrics

Version	Base score	Base severity	Vector
4.0	2.3	LOW	CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
3.1	5.0	MEDIUM	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
3.0	5.0	MEDIUM	CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
2.0	4.3	N/A	AV:A/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR

Version: 4.0

Base score: 2.3

Base severity: LOW

Vector:

CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Version: 3.1

Base score: 5.0

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

Version: 3.0

Base score: 5.0

Base severity: MEDIUM

Vector:

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

Version: 2.0

Base score: 4.3

Base severity: N/A

Vector:

AV:A/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR

Credits

reporter

davimo (VulDB User)

coordinator

VulDB

Timeline

Event	Date
Advisory disclosed	2026-03-22 00:00:00
VulDB entry created	2026-03-22 01:00:00
VulDB entry last update	2026-03-22 10:04:13

Event: Advisory disclosed

Date: 2026-03-22 00:00:00

Event: VulDB entry created

Date: 2026-03-22 01:00:00

Event: VulDB entry last update

Date: 2026-03-22 10:04:13

References

Hyperlink	Resource
https://vuldb.com/?id.352420	vdb-entry
https://vuldb.com/?ctiid.352420	signature permissions-required
https://vuldb.com/?submit.775434	third-party-advisory
https://github.com/Davim09/m6plusexploit/blob/main/docs/CVE-2-Replay.md	exploit

Hyperlink: https://vuldb.com/?id.352420

Resource:

vdb-entry

Hyperlink: https://vuldb.com/?ctiid.352420

Resource:

signature

permissions-required

Hyperlink: https://vuldb.com/?submit.775434

Resource:

third-party-advisory

Hyperlink: https://github.com/Davim09/m6plusexploit/blob/main/docs/CVE-2-Replay.md

Resource:

exploit

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cna@vuldb.com

Published At:23 Mar, 2026 | 11:16

Updated At:24 Apr, 2026 | 16:32

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	2.3	LOW	CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary	3.1	5.0	MEDIUM	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Secondary	2.0	4.3	MEDIUM	AV:A/AC:H/Au:N/C:P/I:P/A:P

Type: Secondary

Version: 4.0

Base score: 2.3

Base severity: LOW

Vector:

CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Primary

Version: 3.1

Base score: 5.0

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Type: Secondary

Version: 2.0

Base score: 4.3

Base severity: MEDIUM

Vector:

AV:A/AC:H/Au:N/C:P/I:P/A:P

Weaknesses

CWE ID	Type	Source
CWE-287	Primary	cna@vuldb.com
CWE-294	Primary	cna@vuldb.com

CWE ID: CWE-287

Type: Primary

Source: cna@vuldb.com

CWE ID: CWE-294

Type: Primary

Source: cna@vuldb.com

References

Hyperlink	Source	Resource
https://github.com/Davim09/m6plusexploit/blob/main/docs/CVE-2-Replay.md	cna@vuldb.com	N/A
https://vuldb.com/?ctiid.352420	cna@vuldb.com	N/A
https://vuldb.com/?id.352420	cna@vuldb.com	N/A
https://vuldb.com/?submit.775434	cna@vuldb.com	N/A

Hyperlink: https://github.com/Davim09/m6plusexploit/blob/main/docs/CVE-2-Replay.md

Source: cna@vuldb.com

Resource: N/A

Hyperlink: https://vuldb.com/?ctiid.352420

Source: cna@vuldb.com

Resource: N/A

Hyperlink: https://vuldb.com/?id.352420

Source: cna@vuldb.com

Resource: N/A

Hyperlink: https://vuldb.com/?submit.775434

Source: cna@vuldb.com

Resource: N/A

Similar CVEs

5Records found

CVE-2026-4582

Matching Score-10

Assigner-VulDB

View Details

Matching Score-10

Assigner-VulDB

CVSS Score-2.3||LOW

EPSS-0.01% / 1.98%

7 Day CHG~0.00%

Published-23 Mar, 2026 | 09:33

Updated-24 Apr, 2026 | 16:32

Shenzhen HCC Technology MPOS M6 PLUS Bluetooth missing authentication

A security vulnerability has been detected in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. Affected by this vulnerability is an unknown functionality of the component Bluetooth. Such manipulation leads to missing authentication. The attack must be carried out from within the local network. Attacks of this nature are highly complex. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.

Vendor-Shenzhen HCC Technology

Product-MPOS M6 PLUS

CWE ID-CWE-287

Improper Authentication

CWE ID-CWE-306

Missing Authentication for Critical Function

CVE-2026-2756

Matching Score-4

Assigner-VulDB

View Details

Matching Score-4

Assigner-VulDB

CVSS Score-2.3||LOW

EPSS-0.04% / 11.73%

7 Day CHG~0.00%

Published-21 Mar, 2026 | 17:32

Updated-24 Apr, 2026 | 16:31

OmniPEMF NeoRhythm BLE missing authentication

A security vulnerability has been detected in OmniPEMF NeoRhythm up to 20260308. This affects an unknown function of the component BLE Interface. Such manipulation leads to missing authentication. The attack can only be initiated within the local network. This attack is characterized by high complexity. The exploitability is reported as difficult. The vendor was contacted early about this disclosure but did not respond in any way.

Vendor-OmniPEMF

Product-NeoRhythm

CWE ID-CWE-287

Improper Authentication

CWE ID-CWE-306

Missing Authentication for Critical Function

CVE-2013-2193

Matching Score-4

Assigner-Red Hat, Inc.

View Details

Matching Score-4

Assigner-Red Hat, Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.15% / 35.91%

7 Day CHG~0.00%

Published-29 May, 2014 | 14:00

Updated-06 May, 2026 | 22:30

Apache HBase 0.92.x before 0.92.3 and 0.94.x before 0.94.9, when the Kerberos features are enabled, allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information via unspecified vectors.

Vendor-n/a The Apache Software Foundation

Product-hbase n/a

CWE ID-CWE-287

Improper Authentication

CVE-2011-0011

Matching Score-4

Assigner-Red Hat, Inc.

View Details

Matching Score-4

Assigner-Red Hat, Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.50% / 66.31%

7 Day CHG~0.00%

Published-21 Jun, 2012 | 15:00

Updated-29 Apr, 2026 | 01:13

qemu-kvm before 0.11.0 disables VNC authentication when the password is cleared, which allows remote attackers to bypass authentication and establish VNC sessions.

Vendor-n/a QEMU

Product-qemu n/a

CWE ID-CWE-287

Improper Authentication

CVE-2007-4632

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-4.3||MEDIUM

EPSS-0.26% / 49.22%

7 Day CHG~0.00%

Published-31 Aug, 2007 | 23:00

Updated-23 Apr, 2026 | 00:35

Cisco IOS 12.2E, 12.2F, and 12.2S places a "no login" line into the VTY configuration when an administrator makes certain changes to a (1) VTY/AUX or (2) CONSOLE setting on a device without AAA enabled, which allows remote attackers to bypass authentication and obtain a terminal session, a different vulnerability than CVE-1999-0293 and CVE-2005-2105.

Vendor-n/a Cisco Systems, Inc.

Product-ios n/a

CWE ID-CWE-287

Improper Authentication

CVE-2026-4583

Credits

Shenzhen HCC Technology MPOS M6 PLUS Bluetooth authentication replay

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs