EUVD-2026-14408
GHSA-vmxp-224r-5qhc
CVSS Vector
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
4Description
A flaw has been found in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. This affects an unknown part of the component Cardholder Data Handler. Executing a manipulation can lead to cleartext transmission of sensitive information. The attack requires access to the local network. The attack requires a high level of complexity. It is indicated that the exploitability is difficult. The vendor was contacted early about this disclosure but did not respond in any way.
Analysis
The Shenzhen HCC Technology MPOS M6 PLUS device running firmware version 1V.31-N contains a cleartext transmission vulnerability in its Cardholder Data Handler component that allows attackers on the local network to intercept sensitive information. An attacker with network access can manipulate the affected component to force transmission of cardholder data in cleartext, compromising payment card information. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
During next maintenance window: Apply vendor patches when convenient. Monitor vendor channels for updates.
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today