CVE-2026-4583
Received Received - Intake
Authentication Bypass via Replay in Shenzhen HCC Bluetooth Handler

Publication date: 2026-03-23

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was detected in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. Affected by this issue is some unknown functionality of the component Bluetooth Handler. Performing a manipulation results in authentication bypass by capture-replay. The attack must originate from the local network. The attack is considered to have high complexity. The exploitation is known to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-23
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-03-23
EPSS Evaluated
2026-06-14
NVD
CVE-2026-4583
EUVD
EUVD-2026-14399
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
shenzhen_hcc_technology mpos_m6_plus 1.31-n
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-294 A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).
CWE-287 When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The CVE-2026-4583 vulnerability affects the Bluetooth protocol of the Shenzhen HCC Technology MPOS M6 PLUS device. It lacks anti-replay protection mechanisms, allowing an attacker to capture legitimate Bluetooth commands and replay them repeatedly. This causes the terminal to process each replay as a new, independent transaction, effectively bypassing authentication.

The protocol is missing standard anti-replay controls such as nonces, timestamp validation, sequence counters, session identifiers, and command deduplication. Although commands contain a timestamp tag, the terminal does not validate it, making the timestamp ineffective against replay attacks.

The attack requires Bluetooth proximity, low complexity, no privileges or authentication, but does require user interaction to capture legitimate transactions.

Impact Analysis

This vulnerability can lead to unauthorized multiplication of transactions on the affected terminal. For example, a single approved transaction of R$ 100 can be replayed multiple times, resulting in unlimited unauthorized charges.

While the attack does not impact confidentiality or availability, it has a high impact on integrity because it allows attackers to bypass authentication and perform fraudulent transactions without detection.

Compliance Impact

I don't know

Detection Guidance

This vulnerability involves the Bluetooth protocol of the M6PLUS terminal lacking anti-replay protections, allowing capture and replay of legitimate commands. Detection involves monitoring for repeated identical Bluetooth commands that result in multiple identical transactions.

Since the attack requires Bluetooth proximity and involves replaying captured packets, detection can be done by capturing Bluetooth traffic and analyzing it for repeated command packets with the proprietary Tag 1F03 timestamp that does not change or is not validated.

Specific commands to detect this vulnerability are not provided in the resources. However, using Bluetooth packet capture tools (e.g., hcidump or Wireshark with Bluetooth support) to capture and analyze traffic for repeated identical commands could help identify exploitation attempts.

Mitigation Strategies

Immediate mitigation steps include restricting Bluetooth access to trusted devices only and limiting physical proximity to the terminal to prevent attackers from capturing Bluetooth commands.

Since the vulnerability arises from missing anti-replay protections such as nonces, timestamp validation, sequence counters, and command deduplication, the recommended remediation is to implement cryptographic nonces and timestamp validation in the Bluetooth protocol handling.

As the vendor has not responded, and no patches are available, physical security and network segmentation to isolate the device from untrusted Bluetooth devices are critical immediate steps.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-4583. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart