PT-2026-44758 · Indian Motorcycle · Scout Bobber + Tech 2025

Scott Sheahan

·

Published

2026-05-29

·

Updated

2026-06-27

·

CVE-2026-49322

CVSS v3.1

4.3

Medium

VectorAV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions Indian Motorcycle Scout Bobber + Tech 2025 model year
Description Weak authentication in the Wireless Control Module (WCM) allows an adjacent-network attacker with read access to the in-vehicle network to recover the user-set unlock PIN by passively observing a single PIN authentication exchange. The Infotainment Digital Round display computes its response using a non-cryptographic operation instead of a cryptographic challenge-response, making the PIN mathematically derivable from one captured exchange and bypassing the primary user-authentication control.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Use of a Broken Cryptographic Algorithm

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-49322

Affected Products

Scout Bobber + Tech 2025