PT-2026-8235 · Unknown · Micca Ke700
Danilo Erazo
·
Publicado
2026-02-15
·
Atualizado
2026-02-15
·
CVE-2026-2540
CVSS v4.0
8.4
Alta
| Vetor | AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:D/RE:M/U:X |
Name of the Vulnerable Software and Affected Versions
Micca KE700 (affected versions not specified)
Description
The system has flawed resynchronization logic, making it susceptible to replay attacks. An attacker can exploit this by sending two previously captured codes in a specific sequence, forcing the system to accept stale rolling codes and execute a command. Successful exploitation allows the attacker to clone the alarm key, granting unauthorized access to the vehicle, enabling them to lock or unlock the doors remotely.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Authentication Bypass Using an Alternate Path or Channel
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Micca Ke700