CVE-2026-4272

CVSS v2.0

9.4

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:N

Name of the Vulnerable Software and Affected Versions Honeywell Handheld Scanners versions prior to C1 Base(Ingenic x1000) GK000432BAA, prior to D1 Base(Ingenic x1600) HE000085BAA, and prior to A1/B1 Base(IMX25) BK000763BAA BK000765BAA CU000101BAA.

Description A missing authentication check for a critical function in Honeywell Handheld Scanners allows for authentication abuse. A remote attacker within Bluetooth range of the scanner's base station can remotely execute system commands on the connected host without authentication.

Recommendations Upgrade to C1 Base(Ingenic x1000) GK000432BAA or later. Upgrade to D1 Base(Ingenic x1600) HE000085BAA or later. Upgrade to A1/B1 Base(IMX25) BK000763BAA BK000765BAA CU000101BAA or later.

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

BDU:2026-05577

CVE-2026-4272

Affected Products

Honeywell Handheld Scanners

Imx25

Ingenic X1000

Ingenic X1600

CVE-2026-4272

Weakness Enumeration

Related Identifiers

Affected Products

References · 10