CVE-2026-2539

Summary

The RF communication protocol in the Micca KE700 car alarm system does not encrypt its data frames. An attacker with a radio interception tool (e.g., SDR) can capture the random number and counters transmitted in cleartext, which is sensitive information required for authentication.

Affected Software

VendorProductVersion RangeStatus
Micca Auto Electronics Co., Ltd.Car Alarm System KE700KE700affected
Micca Auto Electronics Co., Ltd.Car Alarm System KE700KE700+unknown

Weaknesses

  • CWE-319: CWE-319: Cleartext Transmission of Sensitive Information

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References