Vulnerability Description
The Micca KE700 system contains flawed resynchronization logic and is vulnerable to replay attacks. This attack requires sending two previously captured codes in a specific sequence. As a result, the system can be forced to accept previously used (stale) rolling codes and execute a command. Successful exploitation allows an attacker to clone the alarm key. This grants the attacker unauthorized access to the vehicle to unlock or lock the doors.
Related Weaknesses (CWE)
References
FAQ
What is CVE-2026-2540?
CVE-2026-2540 is a documented vulnerability. The Micca KE700 system contains flawed resynchronization logic and is vulnerable to replay attacks. This attack requires sending two previously captured codes in a specific sequence. As a result, the ...
How severe is CVE-2026-2540?
CVSS scoring is not yet available for CVE-2026-2540. Check NVD for updates.
Is there a patch for CVE-2026-2540?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.