CVE-2026-4582: Missing Authentication in Shenzhen HCC Technology MPOS M6 PLUS
A security vulnerability has been detected in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. Affected by this vulnerability is an unknown functionality of the component Bluetooth. Such manipulation leads to missing authentication. The attack must be carried out from within the local network. Attacks of this nature are highly complex. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.
AI Analysis
Technical Summary
This vulnerability affects the Bluetooth component of Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N, resulting in missing authentication controls. The attack vector requires an attacker to be on the local network, and the complexity of exploitation is high. No further technical details or exploit methods have been disclosed. The vendor has not provided any response or patch information.
Potential Impact
The missing authentication in the Bluetooth component could allow an attacker on the local network to bypass authentication mechanisms. However, due to the high complexity of exploitation and low CVSS score (2.3), the practical impact is limited. There are no known exploits in the wild, and the vulnerability does not appear to enable significant privilege escalation or data compromise based on available information.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since the vendor has not responded and no patch or workaround is available, organizations should limit local network access to the affected device and monitor for unusual Bluetooth activity as a precaution.
CVE-2026-4582: Missing Authentication in Shenzhen HCC Technology MPOS M6 PLUS
Description
A security vulnerability has been detected in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. Affected by this vulnerability is an unknown functionality of the component Bluetooth. Such manipulation leads to missing authentication. The attack must be carried out from within the local network. Attacks of this nature are highly complex. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability affects the Bluetooth component of Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N, resulting in missing authentication controls. The attack vector requires an attacker to be on the local network, and the complexity of exploitation is high. No further technical details or exploit methods have been disclosed. The vendor has not provided any response or patch information.
Potential Impact
The missing authentication in the Bluetooth component could allow an attacker on the local network to bypass authentication mechanisms. However, due to the high complexity of exploitation and low CVSS score (2.3), the practical impact is limited. There are no known exploits in the wild, and the vulnerability does not appear to enable significant privilege escalation or data compromise based on available information.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since the vendor has not responded and no patch or workaround is available, organizations should limit local network access to the affected device and monitor for unusual Bluetooth activity as a precaution.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-03-22T08:58:54.529Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 69c10bd0f4197a8e3b33b915
Added to database: 3/23/2026, 9:45:52 AM
Last enriched: 4/18/2026, 1:42:34 PM
Last updated: 5/7/2026, 5:00:26 AM
Views: 89
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.