Drewbug

**Name of the Vulnerable Software and Affected Versions** OmniPEMF NeoRhythm versions up to 20260308 **Description** A security issue has been identified in OmniPEMF NeoRhythm related to missing authentication within the BLE Interface component. The attack requires high complexity and is considered difficult to exploit, and can only be initiated locally. The vendor was contacted regarding this issue but did not respond. **Recommendations** Versions up to 20260308 require a fix to address the missing authentication in the BLE Interface component. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mendi Neurofeedback Headset version V4 **Description** A vulnerability exists in the Bluetooth Low Energy Handler component of the Mendi Neurofeedback Headset V4, allowing for the cleartext transmission of sensitive information. The attack requires manipulation and can only be performed from the local network. Exploitation is considered difficult. The vendor was contacted regarding this issue but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** motogadget mo.lock Ignition Lock versions prior to 20251126 **Description** A security issue exists in the NFC Handler component of the motogadget mo.lock Ignition Lock. The issue involves the use of a hard-coded cryptographic key, potentially allowing for manipulation. The attack requires a high level of complexity and appears difficult to exploit, and targets the physical device. The vendor was contacted regarding this issue but did not respond. **Recommendations** Update to a version later than 20251125.