Vulnerability-Lookup

Search criteria

Vendor

Product

Assigner

Sources

Sort by

Order

Apply ordering (override relevance)

1 vulnerability by Mendi

CVE-2026-2671 (GCVE-0-2026-2671)

Vulnerability from cvelistv5 – Published: 2026-03-07 18:02 – Updated: 2026-03-11 16:28

Title

Mendi Neurofeedback Headset Bluetooth Low Energy cleartext transmission

Summary

A vulnerability was detected in Mendi Neurofeedback Headset V4. Affected by this vulnerability is an unknown functionality of the component Bluetooth Low Energy Handler. Performing a manipulation results in cleartext transmission of sensitive information. The attack can only be performed from the local network. The attack's complexity is rated as high. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.

Severity

2.3 (Low)


                        
                          CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X

3.1 (Low)


                        
                          CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:R

3.1 (Low)


                        
                          CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:R

CWE

CWE-319 - Cleartext Transmission of Sensitive Information
CWE-310 - Cryptographic Issues

Assigner

VulDB

References

4 references

URL	Tags
https://vuldb.com/?id.349702	vdb-entry
https://vuldb.com/?ctiid.349702	signaturepermissions-required
https://vuldb.com/?submit.766457	third-party-advisory
https://ab3j.radio/mendi.pdf	related

Impacted products

1 product

Vendor	Product	Version
Mendi	Neurofeedback Headset	Affected: V4

Credits

drewbug (VulDB User) VulDB

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-2671",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-11T16:13:09.755986Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-11T16:28:55.048Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Bluetooth Low Energy Handler"
          ],
          "product": "Neurofeedback Headset",
          "vendor": "Mendi",
          "versions": [
            {
              "status": "affected",
              "version": "V4"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "drewbug (VulDB User)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "VulDB"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was detected in Mendi Neurofeedback Headset V4. Affected by this vulnerability is an unknown functionality of the component Bluetooth Low Energy Handler. Performing a manipulation results in cleartext transmission of sensitive information. The attack can only be performed from the local network. The attack\u0027s complexity is rated as high. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 2.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 1.8,
            "vectorString": "AV:A/AC:H/Au:N/C:P/I:N/A:N/E:ND/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-319",
              "description": "Cleartext Transmission of Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-310",
              "description": "Cryptographic Issues",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-07T18:02:07.505Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-349702 | Mendi Neurofeedback Headset Bluetooth Low Energy cleartext transmission",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.349702"
        },
        {
          "name": "VDB-349702 | CTI Indicators (IOB, IOC, TTP)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.349702"
        },
        {
          "name": "Submit #766457 | Mendi Innovation AB Mendi V4 Cleartext Transmission of Sensitive Information",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.766457"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://ab3j.radio/mendi.pdf"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-03-07T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-03-07T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-03-07T18:44:25.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Mendi Neurofeedback Headset Bluetooth Low Energy cleartext transmission"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-2671",
    "datePublished": "2026-03-07T18:02:07.505Z",
    "dateReserved": "2026-02-18T09:19:04.704Z",
    "dateUpdated": "2026-03-11T16:28:55.048Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}