PT-2026-8235 · Unknown · Micca Ke700
Danilo Erazo
·
Published
2026-02-15
·
Updated
2026-02-15
·
CVE-2026-2540
CVSS v4.0
8.4
High
| Vector | AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:D/RE:M/U:X |
Name of the Vulnerable Software and Affected Versions
Micca KE700 (affected versions not specified)
Description
The system has flawed resynchronization logic, making it susceptible to replay attacks. An attacker can exploit this by sending two previously captured codes in a specific sequence, forcing the system to accept stale rolling codes and execute a command. Successful exploitation allows the attacker to clone the alarm key, granting unauthorized access to the vehicle, enabling them to lock or unlock the doors remotely.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Authentication Bypass Using an Alternate Path or Channel
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Micca Ke700