{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4582", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-03-22T08:58:54.529Z", "datePublished": "2026-03-23T09:33:21.271Z", "dateUpdated": "2026-04-18T03:37:10.133Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-18T03:37:10.133Z"}, "title": "Shenzhen HCC Technology MPOS M6 PLUS Bluetooth missing authentication", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-306", "lang": "en", "description": "Missing Authentication"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-287", "lang": "en", "description": "Improper Authentication"}]}], "affected": [{"vendor": "Shenzhen HCC Technology", "product": "MPOS M6 PLUS", "versions": [{"version": "1V.31-N", "status": "affected"}], "modules": ["Bluetooth"]}], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. Affected by this vulnerability is an unknown functionality of the component Bluetooth. Such manipulation leads to missing authentication. The attack must be carried out from within the local network. Attacks of this nature are highly complex. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 2.3, "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "LOW"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5, "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5, "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4.3, "vectorString": "AV:A/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-03-22T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-03-22T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-03-23T12:12:52.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "davimo (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "VulDB CNA Team", "type": "coordinator"}], "references": [{"url": "https://vuldb.com/vuln/352419", "name": "VDB-352419 | Shenzhen HCC Technology MPOS M6 PLUS Bluetooth missing authentication", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/vuln/352419/cti", "name": "VDB-352419 | CTI Indicators (IOB, IOC)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/775433", "name": "Submit #775433 | Shenzhen HCC Technology Co., Ltd M6PLUS MPOS M6PLUS-FW-1V.31-N Missing Cryptographic Authentication", "tags": ["third-party-advisory"]}, {"url": "https://github.com/Davim09/m6plusexploit/blob/main/docs/CVE-1-Authentication.md", "tags": ["exploit"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-23T11:26:35.366868Z", "id": "CVE-2026-4582", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T11:28:45.335Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4582", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-23T11:26:35.366868Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T11:26:40.444Z"}}], "cna": {"title": "Shenzhen HCC Technology MPOS M6 PLUS Bluetooth missing authentication", "credits": [{"lang": "en", "type": "reporter", "value": "davimo (VulDB User)"}, {"lang": "en", "type": "coordinator", "value": "VulDB CNA Team"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 2.3, "baseSeverity": "LOW", "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4.3, "vectorString": "AV:A/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "Shenzhen HCC Technology", "modules": ["Bluetooth"], "product": "MPOS M6 PLUS", "versions": [{"status": "affected", "version": "1V.31-N"}]}], "timeline": [{"lang": "en", "time": "2026-03-22T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-03-22T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-03-23T12:12:52.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/352419", "name": "VDB-352419 | Shenzhen HCC Technology MPOS M6 PLUS Bluetooth missing authentication", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/vuln/352419/cti", "name": "VDB-352419 | CTI Indicators (IOB, IOC)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/775433", "name": "Submit #775433 | Shenzhen HCC Technology Co., Ltd M6PLUS MPOS M6PLUS-FW-1V.31-N Missing Cryptographic Authentication", "tags": ["third-party-advisory"]}, {"url": "https://github.com/Davim09/m6plusexploit/blob/main/docs/CVE-1-Authentication.md", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. Affected by this vulnerability is an unknown functionality of the component Bluetooth. Such manipulation leads to missing authentication. The attack must be carried out from within the local network. Attacks of this nature are highly complex. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-306", "description": "Missing Authentication"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-287", "description": "Improper Authentication"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-18T03:37:10.133Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4582", "state": "PUBLISHED", "dateUpdated": "2026-04-18T03:37:10.133Z", "dateReserved": "2026-03-22T08:58:54.529Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-03-23T09:33:21.271Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. Affected by this vulnerability is an unknown functionality of the component Bluetooth. Such manipulation leads to missing authentication. The attack must be carried out from within the local network. Attacks of this nature are highly complex. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Una vulnerabilidad de seguridad ha sido detectada en Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. Afectada por esta vulnerabilidad es una funcionalidad desconocida del componente Bluetooth. Tal manipulaci\u00f3n conduce a autenticaci\u00f3n faltante. El ataque debe ser llevado a cabo desde dentro de la red local. Ataques de esta naturaleza son altamente complejos. La explotaci\u00f3n parece ser dif\u00edcil. El proveedor fue contactado tempranamente sobre esta divulgaci\u00f3n pero no respondi\u00f3 de ninguna manera. An\u00e1lisis estad\u00edstico dej\u00f3 claro que VulDB proporciona la mejor calidad para datos de vulnerabilidad."}], "id": "CVE-2026-4582", "lastModified": "2026-04-18T05:16:23.313", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.2, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.3, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-03-23T10:16:08.290", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/Davim09/m6plusexploit/blob/main/docs/CVE-1-Authentication.md"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/submit/775433"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/352419"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/352419/cti"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}, {"lang": "en", "value": "CWE-306"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1V.31-N"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "MPOS M6 PLUS", "source": "cna", "vendor": "Shenzhen HCC Technology"}, "product": "mpos_m6_plus", "vendor": "shenzhen_hcc_technology"}], "analysis": {"en": {"generated_at": "2026-03-23T10:20:34.324958+00:00", "value": {"mitigation_remediation": ["Disable or block Bluetooth on the affected MPOS M6 PLUS devices if not needed for business operations.", "Restrict physical or network access to the devices, ensuring they sit on a trusted, isolated VLAN.", "Monitor the device logs for unusual Bluetooth activity or connection attempts.", "Contact Shenzhen HCC Technology for an official security update or patch and apply it as soon as available."], "summary": {"action": "Assess Impact", "impact": "Authentication bypass via Bluetooth"}, "threat_synthesis": {"affected_systems": "The issue affects Shenzhen HCC Technology's MPOS M6 PLUS, specifically firmware version 1V.31\u2011N. No other vendors or products are listed. The exposure is confined to devices that run this firmware and have the Bluetooth module active.", "description_and_impact": "The vulnerability arises from an unprotected Bluetooth component in the MPOS M6 PLUS. Because the device does not perform authentication before establishing a connection, an attacker on the same local network can initiate communication without credentials. The flaw corresponds to authentication bypass weaknesses, allowing unauthorized use of Bluetooth APIs.", "risk_and_exploitability": "The CVSS vector scores the risk as 2.3, indicating low severity. EPSS data is unavailable and the vulnerability is not in the KEV catalog. Exploitation requires proximity to the device on the local network and involves complex operations, so the likelihood of widespread attack is low. Nevertheless, local attackers could gain unauthorized control over the device, so the risk warrants monitoring and potentially disabling Bluetooth."}}}}, "created": "2026-03-24T10:34:49.790506+00:00", "updated": "2026-03-25T14:49:26.158779+00:00", "vendors": ["shenzhen_hcc_technology", "shenzhen_hcc_technology$PRODUCT$mpos_m6_plus"]}