Drewbug

**Name of the Vulnerable Software and Affected Versions** OmniPEMF NeoRhythm versions up to 20260308 **Description** A security issue has been identified in OmniPEMF NeoRhythm related to missing authentication within the BLE Interface component. The attack requires high complexity and is considered difficult to exploit, and can only be initiated locally. The vendor was contacted regarding this issue but did not respond. **Recommendations** Versions up to 20260308 require a fix to address the missing authentication in the BLE Interface component. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mendi Neurofeedback Headset version V4 **Description** A vulnerability exists in the Bluetooth Low Energy Handler component of the Mendi Neurofeedback Headset V4, allowing for the cleartext transmission of sensitive information. The attack requires manipulation and can only be performed from the local network. Exploitation is considered difficult. The vendor was contacted regarding this issue but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Nome do Software Vulnerável e Versões Afetadas** motogadget mo.lock Bloqueio de Ignição versões anteriores a 20251126 **Descrição** Existe um problema de segurança no componente NFC Handler do motogadget mo.lock Bloqueio de Ignição. O problema envolve o uso de uma chave criptográfica hardcoded, potencialmente permitindo manipulação. O ataque requer um alto nível de complexidade e parece difícil de explorar, tendo como alvo o dispositivo físico. O fabricante foi contatado sobre este problema, mas não respondeu. **Recomendações** Atualize para uma versão posterior a 20251125.