CVE-2026-2540
Lifecycle Timeline
2DescriptionCVE.org
The Micca KE700 system contains flawed resynchronization logic and is vulnerable to replay attacks. This attack requires sending two previously captured codes in a specific sequence. As a result, the system can be forced to accept previously used (stale) rolling codes and execute a command. Successful exploitation allows an attacker to clone the alarm key. This grants the attacker unauthorized access to the vehicle to unlock or lock the doors.
AnalysisAI
The Micca KE700 system contains flawed resynchronization logic and is vulnerable to replay attacks. This attack requires sending two previously captured codes in a specific sequence.
Technical ContextAI
The Micca KE700 system contains flawed resynchronization logic and is vulnerable to replay attacks. This attack requires sending two previously captured codes in a specific sequence. As a result, the system can be forced to accept previously used (stale) rolling codes and execute a command. Successful exploitation allows an attacker to clone the alarm key. This grants the attacker unauthorized access to the vehicle to unlock or lock the doors.
Affected ProductsAI
The Micca KE700 system contains flawed resynchronization logic and is vulnerable to replay attacks
RemediationAI
Monitor vendor advisories for a patch.
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today