CVE-2026-4584
CWE-310Published: March 23, 2026· Updated: Mar 23, 2026
Official Description
A flaw has been found in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. This affects an unknown part of the component Cardholder Data Handler. Executing a manipulation can lead to cleartext transmission of sensitive information. The attack requires access to the local network. The attack requires a high level of complexity. It is indicated that the exploitability is difficult. The vendor was contacted early about this disclosure but did not respond in any way.
Technical Analysis
CVE-2026-4584 requires adjacent network access, limiting remote exploitation but still posing risk in shared or local network environments.
The vulnerability requires no privileges and no user interaction, making it a prime target for automated exploitation campaigns and worm-like propagation.
CVSS v3.1 Vector Breakdown
Exploit & PoC Resources
All References (4)
Quick Facts
Related CVEs (CWE-310)
Recommended Actions
- →Apply vendor patches immediately
- →Monitor CVE-2026-4584 in threat intel feeds
- →Review IDS/IPS signatures for exploitation attempts