CVE-2026-2756
Received Received - Intake
Authentication Bypass in OmniPEMF NeoRhythm BLE Interface

Publication date: 2026-03-21

Last updated on: 2026-03-21

Assigner: VulDB

Description
A security vulnerability has been detected in OmniPEMF NeoRhythm up to 20260308. This affects an unknown function of the component BLE Interface. Such manipulation leads to missing authentication. The attack can only be initiated within the local network. This attack is characterized by high complexity. The exploitability is reported as difficult. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-21
Last Modified
2026-03-21
Generated
2026-06-16
AI Q&A
2026-03-21
EPSS Evaluated
2026-06-14
NVD
CVE-2026-2756
EUVD
EUVD-2026-14254
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
omnipemf neorhythm to 20260308 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-287 When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

This vulnerability can have direct physical impacts on users of the OmniPEMF NeoRhythm device.

An attacker can inject unauthorized control signals to alter neurostimulation parameters, potentially causing unexpected electromagnetic pulses.

Such manipulation could lead to adverse neurological effects without any indication to the user, posing a significant health risk.

Compliance Impact

I don't know

Executive Summary

CVE-2026-2756 is a security vulnerability in the Bluetooth Low Energy (BLE) implementation of the OmniPEMF NeoRhythm device. The BLE interface lacks encryption, authentication, and access controls, allowing any attacker within BLE range to connect and send arbitrary data without pairing or authentication.

This means an attacker can manipulate neurostimulation session parameters such as intensity, frequency, duration, and program modes by injecting malicious control signals in real-time.

The root cause is the device’s completely open BLE interface with writable control characteristics and no security measures like encryption or authentication.

To fix this, the device firmware needs to implement BLE Secure Connections with authenticated pairing or strong encryption and mutual authentication to restrict control to authorized clients only.

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability affects the Bluetooth Low Energy (BLE) interface of the OmniPEMF NeoRhythm device, which lacks encryption and authentication, allowing unauthorized BLE connections.'}, {'type': 'paragraph', 'content': 'To detect this vulnerability on your system or network, you can scan for BLE devices and attempt to connect to the NeoRhythm device without pairing or authentication.'}, {'type': 'paragraph', 'content': "Using BLE scanning tools such as 'bluetoothctl' on Linux or 'hcitool' can help identify the device and its BLE services."}, {'type': 'list_item', 'content': "Use 'bluetoothctl' to scan and connect:\n1. Run 'bluetoothctl'\n2. Enter 'scan on' to discover nearby BLE devices\n3. Identify the NeoRhythm device by its name or MAC address\n4. Attempt to connect using 'connect <MAC_address>' without pairing"}, {'type': 'list_item', 'content': "Use 'gatttool' to explore GATT characteristics:\n1. Run 'gatttool -b <MAC_address> -I'\n2. Use 'connect' to connect to the device\n3. Use 'primary' and 'characteristics' commands to list services and characteristics\n4. Attempt to write to writable characteristics without authentication"}, {'type': 'paragraph', 'content': 'If you can connect and write to the device without any authentication or pairing, the device is vulnerable.'}] [1]

Mitigation Strategies

Immediate mitigation steps include restricting physical and network access to the device since the attack requires local BLE range.

Avoid using the device in unsecured or public environments where unauthorized BLE connections could be attempted.

Monitor for firmware updates from the vendor that implement BLE Secure Connections (LESC) with authenticated pairing or strong encryption and mutual authentication.

Until a firmware update is available, consider disabling the BLE interface if possible or limiting device usage to trusted environments.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-2756. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart