EUVD-2026-14254
GHSA-jj82-76v6-933r
CVSS Vector
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
4Description
A security vulnerability has been detected in OmniPEMF NeoRhythm up to 20260308. This affects an unknown function of the component BLE Interface. Such manipulation leads to missing authentication. The attack can only be initiated within the local network. This attack is characterized by high complexity. The exploitability is reported as difficult. The vendor was contacted early about this disclosure but did not respond in any way.
Analysis
OmniPEMF NeoRhythm contains a missing authentication vulnerability in its Bluetooth Low Energy (BLE) interface that allows unauthenticated local network attackers to achieve limited unauthorized access. The vulnerability affects all versions up to and including 20260308 and requires high attack complexity but results in confidentiality, integrity, and availability impacts. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 30 days: Identify affected systems running OmniPEMF NeoRhythm and apply vendor patches as part of regular patch cycle. Audit authentication configurations.
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today