PT-2026-27106 · Shenzhen Hcc Technology · Mpos M6 Plus

Davimo +1 · Published 2026-03-23 · Updated 2026-04-15 · CVE-2026-4583

CVSS v3.1: 5.0 (Medium)
Vector: AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions
Shenzhen HCC Technology MPOS M6 PLUS version 1V.31-N

Description
An issue exists in the Bluetooth Handler component where the Bluetooth protocol lacks cryptographic authentication mechanisms. The system relies on a trivial single-byte XOR checksum for integrity checks, which can be recalculated by an attacker. This allows a remote attacker on the local network to perform a capture-replay manipulation to bypass authentication and inject arbitrary transaction commands without the terminal verifying the origin or authenticity of the command. This attack is considered to have high complexity and is difficult to exploit.

Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
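
The weakness class described above, as an added example (not vendor code and not part of the advisory): an unkeyed single-byte XOR trailer next to a keyed HMAC bound to a message counter, which rejects both altered and replayed frames. The frame layout, key, tag length and all names are assumptions; the device's actual protocol is not documented on this page.

```python
import hashlib
import hmac
import struct
from functools import reduce

TAG_LEN = 16  # assumed: HMAC-SHA256 truncated to 16 bytes


def xor_checksum(data: bytes) -> int:
    """Single-byte XOR of all bytes: catches line noise, says nothing about origin."""
    return reduce(lambda a, b: a ^ b, data, 0)


def weak_accept(frame: bytes) -> bool:
    """Weak form: payload || XOR byte. No secret is involved in the check."""
    return len(frame) >= 2 and xor_checksum(frame[:-1]) == frame[-1]


def seal(key: bytes, counter: int, payload: bytes) -> bytes:
    """Hardened form: counter (8 bytes, big-endian) || payload || keyed tag."""
    body = struct.pack(">Q", counter) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]


class Receiver:
    """Accepts a frame only if the tag verifies and the counter moved forward."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = -1

    def accept(self, frame: bytes):
        if len(frame) < 8 + TAG_LEN:
            return None
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            return None  # altered payload or wrong key
        (counter,) = struct.unpack(">Q", body[:8])
        if counter <= self.last_counter:
            return None  # previously seen or stale frame
        self.last_counter = counter
        return body[8:]
```

The counter is covered by the tag, so it cannot be bumped without the key; a real design would also need per-device key provisioning and an authenticated pairing step, which this sketch leaves out.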

Exploit

Improper Authentication

Weakness Enumeration

Related Identifiers: CVE-2026-4583

Affected Products: Mpos M6 Plus