Vulnerability Description
The remote keyless system on Honda Civic 2018 vehicles sends the same RF signal for each door-open request, which allows for a replay attack, a related issue to CVE-2019-20626.
CVSS Score
5.3
MEDIUM
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Honda | Civic 2018 Firmware | - |
| Honda | Civic 2018 | - |
Related Weaknesses (CWE)
References
- https://drive.google.com/file/d/1MtmWfBs1r6Y3JN1HpbNsZqO1GcsdgPdc/view?usp=shariExploitThird Party Advisory
- https://github.com/HackingIntoYourHeart/Unoriginal-Rice-PattyExploitThird Party Advisory
- https://github.com/nonamecoder/CVE-2022-27254ExploitThird Party Advisory
- https://news.ycombinator.com/item?id=30804702ExploitIssue TrackingThird Party Advisory
- https://www.bleepingcomputer.com/news/security/honda-bug-lets-a-hacker-unlock-anExploitThird Party Advisory
- https://www.theregister.com/2022/03/25/honda_civic_hack/ExploitThird Party Advisory
- https://drive.google.com/file/d/1MtmWfBs1r6Y3JN1HpbNsZqO1GcsdgPdc/view?usp=shariExploitThird Party Advisory
- https://github.com/HackingIntoYourHeart/Unoriginal-Rice-PattyExploitThird Party Advisory
- https://github.com/nonamecoder/CVE-2022-27254ExploitThird Party Advisory
- https://news.ycombinator.com/item?id=30804702ExploitIssue TrackingThird Party Advisory
- https://www.bleepingcomputer.com/news/security/honda-bug-lets-a-hacker-unlock-anExploitThird Party Advisory
- https://www.theregister.com/2022/03/25/honda_civic_hack/ExploitThird Party Advisory
FAQ
What is CVE-2022-27254?
CVE-2022-27254 is a vulnerability with a CVSS score of 5.3 (MEDIUM). The remote keyless system on Honda Civic 2018 vehicles sends the same RF signal for each door-open request, which allows for a replay attack, a related issue to CVE-2019-20626.
How severe is CVE-2022-27254?
CVE-2022-27254 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-27254?
Check the references section above for vendor advisories and patch information. Affected products include: Honda Civic 2018 Firmware, Honda Civic 2018.