Platform
other
Component
neorhythm-ble-interface
Opgelost in
20260308.0.1
A security vulnerability has been identified in the NeoRhythm BLE Interface component, specifically affecting versions up to 20260308. This issue stems from a missing authentication check, potentially allowing unauthorized access. The vulnerability requires an attacker to be within the local network and is considered difficult to exploit. No official fix has been released at this time.
The core impact of CVE-2026-2756 lies in the potential for unauthorized access to the NeoRhythm device. Without proper authentication, an attacker within the local network could potentially manipulate the device's functionality or access sensitive data transmitted via the BLE interface. While the exploitability is reported as difficult, successful exploitation could lead to a compromise of the device's intended operation and potentially expose user data. The lack of vendor response raises concerns about the long-term security posture of the device.
CVE-2026-2756 is currently not listed on the CISA KEV catalog. The exploitability is reported as difficult, suggesting a lower probability of immediate exploitation. Public proof-of-concept (POC) code is not currently available. The vulnerability was disclosed on 2026-03-21, and the vendor was contacted but did not respond, which is a significant factor in assessing the risk.
Users of NeoRhythm devices running versions up to 20260308 are at risk, particularly those who rely on the device's BLE interface for sensitive data transmission or control. Individuals using the device in environments with limited network security controls are especially vulnerable.
disclosure
Exploit Status
EPSS
0.04% (11% percentiel)
CISA SSVC
CVSS-vector
Given the lack of a vendor-supplied patch, mitigation strategies focus on reducing the attack surface and detecting potential exploitation. Restricting network access to the NeoRhythm device is paramount; consider segmenting it onto a separate VLAN or using network-based access controls. Monitor network traffic for unusual BLE connections or data patterns. Due to the difficulty of exploitation, continuous monitoring is more critical than immediate remediation. Implement intrusion detection systems (IDS) capable of analyzing BLE traffic for anomalies. Regularly review device configurations and ensure they adhere to security best practices.
Dit medische apparaat heeft een authenticatie kwetsbaarheid in zijn BLE interface. Aangezien de leverancier niet heeft gereageerd, wordt aanbevolen om rechtstreeks contact met hen op te nemen voor een oplossing. In de tussentijd, beperk de toegang tot het lokale netwerk waar het apparaat wordt gebruikt en overweeg de BLE-functionaliteit uit te schakelen als deze niet essentieel is.
Kwetsbaarheidsanalyses en kritieke waarschuwingen direct in uw inbox.
CVE-2026-2756 describes a vulnerability in the NeoRhythm BLE Interface where a missing authentication check allows unauthorized access within the local network. The CVSS score is 5 (MEDIUM).
You are affected if you are using a NeoRhythm device with a BLE Interface version up to 20260308. Check your device's firmware version to determine if you are vulnerable.
Currently, there is no official patch available. Mitigation focuses on network segmentation, access controls, and monitoring for suspicious activity.
There are no confirmed reports of active exploitation at this time, but the vulnerability remains present and requires mitigation.
The vendor has not released an official advisory. Monitor NeoRhythm's website and security channels for updates.
Upload je dependency-bestand en kom direct te weten of deze en andere CVEs jou raken.