CVE-2026-4584
Published
CVSS v3
3.1
LOW
CVSS v2
1.8
LOW
Affected
1
PROJECT
Description
A flaw has been found in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. This affects an unknown part of the component Cardholder Data Handler. Executing a manipulation can lead to cleartext transmission of sensitive information. The attack requires access to the local network. The attack requires a high level of complexity. It is indicated that the exploitability is difficult. The vendor was contacted early about this disclosure but did not respond in any way.
This repository documents three critical security vulnerabilities discovered in the M6PLUS mobile payment terminal's Bluetooth communication protocol. These vulnerabilities affect M6PLUS terminals using Bluetooth connectivity and pose significant risks to payment security.
GitHub