Black & White Path

Apr 10, 2026 · Information Security

How the M6Plus Bluetooth POS Can Reverse‑Hijack Your PC via CVE‑2026‑4583

A deep security analysis reveals that the M6Plus Bluetooth payment terminal suffers from a protocol flaw—CVE‑2026‑4583—that lacks encryption, replay protection, and uses a weak XOR checksum, enabling attackers to spoof the device, inject malicious packets, and gain admin control of paired computers or phones.