CVE-2026-2540

The Micca KE700 system contains flawed resynchronization logic and is vulnerable to replay attacks. This attack requires sending two previously captured codes in a specific sequence. As a result, the system can be forced to accept previously used (stale) rolling codes and execute a command. Successful exploitation allows an attacker to clone the alarm key. This grants the attacker unauthorized access to the vehicle to unlock or lock the doors.

CVSS

No CVSS.

References

Link	Resource
https://asrg.io/security-advisories/cve-2026-2540/

Configurations

No configuration.

History

No history.

Information

Published : 2026-02-15 11:15

Updated : 2026-02-18 17:52

NVD link : CVE-2026-2540

Mitre link : CVE-2026-2540

CVE.ORG link : CVE-2026-2540

JSON object : View

Products Affected

No product.

CWE

CWE-288

Authentication Bypass Using an Alternate Path or Channel

CWE-294

Authentication Bypass by Capture-replay

{"id": "CVE-2026-2540", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "cve@asrg.io", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.4, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "HIGH", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:D/RE:M/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "MODERATE", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-02-15T11:15:55.070", "references": [{"url": "https://asrg.io/security-advisories/cve-2026-2540/", "source": "cve@asrg.io"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "cve@asrg.io", "description": [{"lang": "en", "value": "CWE-288"}, {"lang": "en", "value": "CWE-294"}]}], "descriptions": [{"lang": "en", "value": "The Micca KE700 system contains flawed resynchronization logic and is vulnerable to replay attacks. This attack requires sending two previously captured codes in a specific sequence. As a result, the system can be forced to accept previously used (stale) rolling codes and execute a command. Successful exploitation allows an attacker to clone the alarm key. This grants the attacker unauthorized access to the vehicle to unlock or lock the doors."}, {"lang": "es", "value": "El sistema Micca KE700 contiene l\u00f3gica de resincronizaci\u00f3n defectuosa y es vulnerable a ataques de repetici\u00f3n. Este ataque requiere el env\u00edo de dos c\u00f3digos previamente capturados en una secuencia espec\u00edfica. Como resultado, el sistema puede ser forzado a aceptar c\u00f3digos rotatorios previamente usados (obsoletos) y ejecutar un comando. La explotaci\u00f3n exitosa permite a un atacante clonar la llave de la alarma. Esto otorga al atacante acceso no autorizado al veh\u00edculo para desbloquear o bloquear las puertas."}], "lastModified": "2026-02-18T17:52:22.253", "sourceIdentifier": "cve@asrg.io"}

CVE-2026-2540

JSON object

Attach tags to CVE-2026-2540

Attach tags to `CVE-2026-2540`