Shanghai Sunmi Technology Co., Ltd. — 3 prefixes (MA-L)

Sunmi (legal entity "Shanghai Sunmi Technology Co.,Ltd.") is a Shanghai-based commercial hardware vendor whose IEEE MAC footprint comprises three MA-L blocks — 1C:1A:1B, 74:F7:F6, and 68:50:8C — all registered to the same company at its Yangpu District address (Room 505, KIC Plaza, No.388 Song Hu Road). The company designs Android-based business-IoT hardware: mobile and desktop POS terminals, NFC/EMV payment terminals, kiosks, interactive customer displays (CPad), handheld PDAs and mobile computers, label printers, and WiFi base stations, all running its Android-derived SUNMI OS and aimed at retail, food-and-beverage, hospitality, logistics, and healthcare deployments. Because Sunmi is a high-volume B2B manufacturer rather than a hobbyist or small-run shop, a Sunmi OUI seen on a LAN reliably indicates a commercial payment terminal, kiosk, PDA, or POS device — a useful asset-classification signal. Current payment hardware carries PCI PTS, EMV L1/L2, and PCI P2PE certifications and ships with a Trusted Execution Environment; however, legacy V2-era devices (Android 7.1.1, MediaTek MT6739) carried CVE-2020-0069 exposure and shipped with ADB reachable without RSA-key trust, so device generation matters for risk assessment. Sunmi's Chinese ownership and strategic investment from Xiaomi, Ant Group, and Meituan are relevant supply-chain data points in enterprise contexts. As with all OUI data, IEEE publishes no registration dates for these blocks — third-party "date registered" timestamps are database artifacts, not IEEE facts.

IEEE assignment

3 prefixes → Shanghai Sunmi Technology Co.,Ltd., registered Shanghai (Yangpu District), CN [Confirmed] — IEEE MA-L (enrichment/registries/oui.csv)

Registry / block size

MA-L (24-bit OUI); 3 IEEE prefixes (~16.7M addresses each) [Confirmed] — enrichment/registries/oui.csv. NOTE: IEEE's public OUI data publishes NO assignment/registration date; any "date registered" on third-party tools (maclookup.app shows 74:F7:F6=2020-05-21, 1C:1A:1B=2022-08-19, 68:50:8C=2024-11-08) is a database artifact, not an IEEE fact.

Verified prefixes (all MA-L, Shanghai Sunmi Technology Co.,Ltd.)

1C:1A:1B, 74:F7:F6, 68:50:8C [Confirmed] — enrichment/registries/oui.csv, maclookup.app

HQ / country

Room 505, KIC Plaza, No.388 Song Hu Road, Yangpu District, Shanghai 200433, CN [Confirmed] — enrichment/registries/oui.csv (earliest record omits "KIC Plaza"; later records include it — canonical address uses the KIC Plaza variant)

Short name / brand

SUNMI [Confirmed] — sunmi.com

Company status

active; founded December 2013 [Confirmed founded; founded date single-source] — baike.baidu.com/en/item, sunmi.com/en/about-us

Device types

Android-based business-IoT hardware — POS terminals (mobile/desktop/handheld), NFC/EMV payment terminals, kiosks, interactive displays (CPad), PDAs/mobile computers, label printers, WiFi base stations, electronic shelf labels; all run SUNMI OS [Confirmed] — sunmi.com/en/products, sunmi.com/en/about-us

Markets / industry

B2B only — retail, F&B, hospitality, logistics, healthcare [Confirmed] — sunmi.com/en/about-us

Global scale

claims operations in 200+ countries/regions, 100+ industries, 3M+ merchants, >10% global share of Android BIoT (2024) [Likely — single-source company/baike figures] — baike.baidu.com/en/item

Registry CSV cross-check

no match in MA-M (mam.csv) or MA-S (oui36.csv) — all three blocks are MA-L only [Confirmed] — enrichment/registries/mam.csv, enrichment/registries/oui36.csv

Security context

current payment terminals hold PCI PTS, EMV L1/L2 (Mastercard/Visa/Amex/UnionPay), PCI P2PE, ship with a Trusted Execution Environment (SUNMI OS 4.0 marketed PCI/EMV certified); legacy Sunmi V2 (Android 7.1.1, MT6739WA) was exposed to CVE-2020-0069 (MTK-SU privilege escalation) with ADB reachable without RSA-key trust — risk is device-generation specific [Confirmed] — m.sunmi.com/en/privacy-and-security/terminal-security, lena.nihil.gay/blog/sunmi-v2-reverse-engineering

Ownership / supply-chain note

strategic investment from Xiaomi (2016), Ant Group, and Meituan; Chinese corporate affiliation relevant to enterprise supply-chain trust [Confirmed] — baike.baidu.com/en/item

Analyst note

a Sunmi OUI on a LAN strongly indicates a commercial POS/payment terminal, kiosk, or PDA (high-volume B2B vendor, not hobbyist); assess payment-grade security on current devices and CVE-2020-0069 exposure on legacy V2-era hardware.