CVE-2026-4584 PUBLISHED

A flaw has been found in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. This affects an unknown part of the component Cardholder Data Handler. Executing a manipulation can lead to cleartext transmission of sensitive information. The attack requires access to the local network. The attack requires a high level of complexity. It is indicated that the exploitability is difficult. The vendor was contacted early about this disclosure but did not respond in any way.

• davimo (VulDB User) reporter
• VulDB coordinator

• VDB-352421 | Shenzhen HCC Technology MPOS M6 PLUS Cardholder Data cleartext transmission
• VDB-352421 | CTI Indicators (IOB, IOC, TTP)
• Submit #775435 | Shenzhen HCC Technology Co., Ltd M6PLUS MPOS M6PLUS-FW-1V.31-N Cleartext Sensitive Data Transmission
• https://github.com/Davim09/m6plusexploit/blob/main/docs/CVE-3-DataExposure.md

• Cleartext Transmission of Sensitive Information CWE
• Cryptographic Issues CWE