Scout Bobber + Tech (EUVD-2026-33296)

CVE-2026-49317 · LOW
Incorrect Behavior Order (CWE-696)
2026-05-29 · ASRG · GHSA-x7xq-w72j-v4qx
CVSS 4.0 score: 1.0 · Vendor: ASRG

Severity by source

Vendor (ASRG) PRIMARY
1.0 LOW
CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from Vendor (ASRG) · only source for this CVE.

CVSS Vector (Vendor: ASRG)

Attack Vector: Physical
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: X

Lifecycle Timeline

CVSS changed: May 29, 2026 - 14:22 (NVD), 2.4 (LOW) to 1.0 (LOW)
Analysis Generated: May 29, 2026 - 14:21 (vuln.today)

Description (CVE.org)

Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the PIN entry screen. The Infotainment uses presence of Wireless Control Module (WCM) traffic during its boot window as a proxy for whether an immobilizer is fitted; if no WCM messages are observed, it skips the PIN entry screen and shows the normal user interface. An attacker who silences the WCM during the boot window - for example via a separately tracked CAN bus-off technique - can present a fully unlocked Infotainment despite the PIN never being entered. Specific timing and protocol details have been withheld pending vendor remediation.
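
The fail-open ordering described above, next to a fail-closed alternative, as an added example that is not ASRG's or the vendor's code. The frame structure, the 500 ms window, the persisted `pin_enrolled` flag and the sample frames are all assumptions, since the advisory withholds the real timing and protocol details.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model: field names, the window length and the sample frames
 * are hypothetical; the advisory withholds the real timing and protocol. */
typedef struct { uint32_t t_ms; bool from_wcm; } frame_obs;
typedef struct { bool show_pin; bool tamper_suspected; } boot_result;

#define BOOT_WINDOW_MS 500u /* hypothetical value */
#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

static bool wcm_seen(const frame_obs *f, size_t n, uint32_t window_ms) {
    for (size_t i = 0; i < n; i++)
        if (f[i].from_wcm && f[i].t_ms <= window_ms)
            return true;
    return false;
}

/* Ordering described in the advisory: bus silence during the boot window is
 * read as "no immobilizer fitted", so the PIN screen is skipped (fail-open). */
boot_result decide_described(const frame_obs *f, size_t n, uint32_t window_ms) {
    boot_result r = { wcm_seen(f, n, window_ms), false };
    return r;
}

/* Hardened ordering (assumption): consult locally persisted enrollment state
 * first. Bus traffic can add a lock but never remove one, and a PIN-enrolled
 * unit that hears no WCM in the window is flagged so the event can be logged. */
boot_result decide_hardened(bool pin_enrolled, const frame_obs *f, size_t n,
                            uint32_t window_ms) {
    bool seen = wcm_seen(f, n, window_ms);
    boot_result r = { pin_enrolled || seen, pin_enrolled && !seen };
    return r;
}

/* Constructed observations: a normal boot and a boot with the WCM silent. */
static const frame_obs NORMAL_BOOT[] = { {40, false}, {120, true}, {300, true} };
static const frame_obs SILENT_BOOT[] = { {40, false}, {180, false} };

int main(void) {
    boot_result a = decide_described(SILENT_BOOT, COUNT(SILENT_BOOT), BOOT_WINDOW_MS);
    boot_result b = decide_hardened(true, SILENT_BOOT, COUNT(SILENT_BOOT), BOOT_WINDOW_MS);
    printf("silent boot: described show_pin=%d, hardened show_pin=%d tamper=%d\n",
           a.show_pin, b.show_pin, b.tamper_suspected);
    return 0;
}
```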

Analysis (AI)

PIN entry bypass in the Indian Motorcycle Scout Bobber + Tech 2025 infotainment system allows an attacker with physical proximity to the vehicle to access the fully unlocked infotainment interface without entering the correct PIN. The root cause (CWE-696, Incorrect Behavior Order) is that the system treats the presence of Wireless Control Module (WCM) CAN bus traffic during its startup boot window as a proxy for immobilizer detection, and skips PIN enforcement entirely when no WCM messages are observed - a condition an attacker can manufacture by silencing the WCM. …

Attack Chain (AI, Derived)

Hypothetical attack flow derived from CVE metadata

  • Access: Gain physical access to motorcycle CAN bus
  • Delivery: Initiate CAN bus-off attack against WCM node
  • Exploit: Suppress all WCM messages during infotainment boot window
  • Execution: Infotainment detects no WCM traffic, infers no immobilizer fitted
  • Persist: PIN entry screen skipped by design
  • Impact: Attacker presented with fully unlocked infotainment UI

Vulnerability Assessment (AI)

Exploitation: Exploitation requires physical access to the motorcycle's CAN bus (e.g., via the OBD/diagnostic port or a direct bus tap) during a specific startup boot window - the duration and exact timing of this window have been withheld by ASRG pending vendor remediation. …

Risk Assessment: The CVSS 3.1 base score of 2.4 (Low) reflects significant physical constraints: AV:P (Physical access required), AC:L (Low attack complexity), PR:N (no privileges required), UI:N (no user interaction needed), with impact limited to C:L (Low confidentiality) and no integrity or availability impact. …

Exploit Scenario: An attacker with access to the motorcycle's CAN bus - obtained via the OBD diagnostic port or a direct bus tap - initiates a CAN bus-off attack targeting the Wireless Control Module during the infotainment's startup boot window, suppressing all WCM messages. The infotainment interprets the absence of WCM traffic as evidence that no immobilizer is fitted and skips the PIN entry screen, presenting the fully unlocked user interface. …

Remediation: No vendor-released patch has been identified at time of analysis. …
