
Scout Bobber + Tech CVE-2026-49323

EUVD: EUVD-2026-33287 · MEDIUM
Weak Authentication (CWE-1390)
2026-05-29 · ASRG · GHSA-f65x-w4fq-xj28
4.1 · CVSS 4.0 · Vendor: ASRG

Severity by source

Vendor (ASRG), primary: 4.1 MEDIUM

Primary rating from Vendor (ASRG) · only source for this CVE.

CVSS Vector (Vendor: ASRG)

CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Attack Vector: Physical
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Passive (P)
  • Scope: X

Lifecycle Timeline

  • May 29, 2026 - 13:22 (vuln.today): Analysis Generated
  • May 29, 2026 - 13:22 (NVD): CVSS changed, 4.3 (MEDIUM) to 4.1 (MEDIUM)

Description (CVE.org)

Weak authentication between the Wireless Control Module (WCM) and the Engine Control Module (ECM) of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with read access to the in-vehicle network to recover the per-vehicle ECM immobilizer secret by passively observing a single seed/key exchange. The WCM derives its response using a reversible, non-cryptographic operation rather than a cryptographic challenge-response, so the persistent immobilizer secret can be reconstructed from one captured exchange. With this secret the attacker can authenticate to the ECM independently of the WCM and start the engine, defeating the immobilizer. Specific protocol details have been withheld pending vendor remediation.

Analysis (AI)

Immobilizer bypass in the 2025 Indian Motorcycle Scout Bobber + Tech (Polaris Inc.) allows a physically adjacent attacker to permanently defeat the engine immobilizer by passively capturing a single WCM-to-ECM seed/key exchange. The Wireless Control Module derives its authentication response using a reversible, non-cryptographic operation, meaning the persistent per-vehicle ECM immobilizer secret can be mathematically reconstructed from one captured exchange - no brute force required. …

Attack Chain (AI, Derived)

Hypothetical attack flow derived from CVE metadata

  • Access: Position within RF/wireless range of target motorcycle
  • Delivery: Passively capture WCM-ECM seed/key exchange during legitimate owner start
  • Exploit: Invert non-cryptographic derivation function to recover persistent immobilizer secret
  • Execution: Return to unattended motorcycle
  • Persist: Authenticate directly to ECM using derived secret
  • Impact: Start engine and steal vehicle

Vulnerability Assessment (AI)

  • Exploitation: Exploitation requires the attacker to be in adjacent wireless range of the target motorcycle at the moment the owner performs a legitimate engine-start key exchange (UI:R) - the attacker cannot trigger this exchange themselves. …
  • Risk Assessment: Despite a CVSS 3.1 base score of 4.3 (Medium), the real-world risk to vehicle owners is materially higher than the score suggests in the context of vehicle theft. …
  • Exploit Scenario: An attacker parks near a 2025 Indian Scout Bobber + Tech with a software-defined radio or equivalent in-vehicle network sniffer capable of passively recording the WCM-ECM authentication exchange. When the legitimate owner starts the motorcycle, the attacker captures the single seed/key pair. …
  • Remediation: No vendor-released patch has been identified at time of analysis; Polaris Inc. …
