CVE-2026-4582 Shenzhen HCC Technology MPOS M6 PLUS Bluetooth missing authentication
A security vulnerability has been detected in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. Affected by this vulnerability is an unknown functionality of the component Bluetooth. Such manipulation leads to missing authentication. The attack must be carried out from within the local network. Attac...
HCCTG MPOS M6 PLUS Access Control Error Vulnerability
HCCTG MPOS M6 PLUS is a mobile payment terminal device developed by HCCTG Corporation. The HCCTG MPOS M6 PLUS 1V.31-N version contains an access control vulnerability, which stems from the lack of authentication for the Bluetooth component...
CVE-2025-14346
WHILL Model C2 Electric Wheelchairs and Model F Power Chairs do not enforce authentication for Bluetooth connections. An attacker within range can pair with the device and issue movement commands, override speed restrictions, and manipulate configuration profiles without any credentials or user...
EUVD-2026-0842
WHILL Model C2 Electric Wheelchairs and Model F Power Chairs do not enforce authentication for Bluetooth connections. An attacker within range can pair with the device and issue movement commands, override speed restrictions, and manipulate configuration profiles without any credentials or user...
WHILL Model C2 and WHILL Model F Access Control Error Vulnerability
The WHILL Model C2 and WHILL Model F are both power wheelchairs from WHILL USA. An access control error vulnerability exists in the WHILL Model C2 and WHILL Model F. The vulnerability stems from a lack of authentication over a Bluetooth connection, which could lead to unauthorized control of the...
PT-2025-54437
Name of the Vulnerable Software and Affected Versions: WHILL Model C2 Electric Wheelchairs, WHILL Model F Power Chairs (affected versions not specified). Description: The WHILL Model C2 and Model F wheelchairs lack authentication for Bluetooth connections. An attacker within range can connect to the...
CVE-2025-5476 Sony XAV-AX8500 Bluetooth Improper Isolation Authentication Bypass Vulnerability
Sony XAV-AX8500 Bluetooth Improper Isolation Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected Sony XAV-AX8500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...
CVE-2025-5820 Sony XAV-AX8500 Bluetooth ERTM Channel Authentication Bypass Vulnerability
Sony XAV-AX8500 Bluetooth ERTM Channel Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected Sony XAV-AX8500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...
CVE-2021-25424
Improper authentication vulnerability in Tizen bluetooth-frwk prior to Firmware update JUN-2021 Release allows bluetooth attacker to take over the user's bluetooth device without user awareness...
CVE-2020-29439
Tesla Model X vehicles before 2020-11-23 have key fobs that rely on five VIN digits for the authentication needed for a body control module (BCM) to initiate a Bluetooth wake-up action. The full VIN is visible from outside the vehicle...
Linux Distros Unpatched Vulnerability : CVE-2020-10135
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may allow an unauthenticated user to comple...
PT-2024-20201 · Autel · Autel MaxiCharger AC Elite Business C50
Name of the Vulnerable Software and Affected Versions: Autel MaxiCharger AC Elite Business C50 (affected versions not specified). Description: This issue allows network-adjacent attackers to bypass authentication on affected installations of Autel MaxiCharger AC Elite Business C50 charging stations...
Huawei Smart Screen License Issue Vulnerability
Huawei Smart Screen is a product of China's Huawei, equipped with a 120Hz high-refresh-rate screen and the HarmonyOS system, providing the ultimate smooth sports experience and full-scene smart life. A security vulnerability exists in Huawei Smart Screen, which originates from an...
PT-2023-21457 · Apple · Airpods
Name of the Vulnerable Software and Affected Versions: AirPods Firmware versions prior to 5E133. Description: An authentication issue was addressed with improved state management. When the headphones are seeking a connection request to one of the previously paired devices, an attacker in Bluetooth...
CVE-2022-31463
Owl Labs Meeting Owl 5.2.0.15 does not require a password for Bluetooth commands, because only client-side authentication is used...
Researchers Propose Machine Learning-based Bluetooth Authentication Scheme
A group of academics has proposed a machine learning approach that uses authentic interactions between devices in Bluetooth networks as a foundation to handle device-to-device authentication reliably. Called "Verification of Interaction Authenticity" aka VIA, the recurring authentication scheme...
USN-4752-1 linux-oem-5.6 vulnerabilities
Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered that legacy pairing and secure-connections pairing authentication in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. A physically proxima...
USN-4680-1 linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-gke-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
It was discovered that debugfs in the Linux kernel as used by blktrace contained a use-after-free in some situations. A privileged local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-19770) It was discovered that a race condition existed in the binder IPC...
SUSE-SU-2020:2623-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-1749: Use ip6_dst_lookup_flow instead of ip6_dst_lookup (bsc#1165629). - CVE-2020-14314: Fixed a potential negative array index in do_split (bsc#1173798). -...
SUSE-SU-2020:2541-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP1 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-1749: Use ip6_dst_lookup_flow instead of ip6_dst_lookup (bsc#1165629). - CVE-2020-14314: Fixed a potential negative array index in do_split (bsc#1173798). -...