Honeywell Handheld Scanners Missing Authentication Vulnerability Allowing Remote Command Execution
Vulnerability
A missing-authentication vulnerability has been identified in Honeywell Handheld Scanners. This issue affects scanners from the C1 Base (Ingenic x1000) prior to GK000432BAA, from the D1 Base (Ingenic x1600) prior to HE000085BAA, and from the A1/B1 Base (IMX25) prior to BK000763BAA, BK000765BAA, and CU000101BAA. Because critical functions lack authentication, a remote attacker within Bluetooth range of the scanner's base station can execute system commands on the host connected to the base station without authenticating.
Impact
Exploitation of this vulnerability could lead to unauthorized remote execution of system commands on the host connected to the scanner's base station.
Remediation
Users are advised to upgrade to the latest version to address this vulnerability.
