CVE-2026-2541 | THREATINT

Description

The Micca KE700 system relies on a 6-bit portion of an identifier for authentication within rolling codes, providing only 64 possible combinations. This low entropy allows an attacker to perform a brute-force attack against one component of the rolling code. Successful exploitation simplify an attacker to predict the next valid rolling code, granting unauthorized access to the vehicle.

PUBLISHED Reserved 2026-02-15 | Published 2026-02-15 | Updated 2026-02-17 | Assigner ASRG

MEDIUM: 6.4CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:H/V:D/RE:H

Problem types

CWE-331: Insufficient Entropy

Product status

Default status

affected

KE700

affected

KE700+

unknown

Credits

Danilo Erazo finder

References

asrg.io/security-advisories/cve-2026-2541/ third-party-advisory

cve.org (CVE-2026-2541)

nvd.nist.gov (CVE-2026-2541)

Download JSON