CVE-2026-2541

Summary

The Micca KE700 system relies on a 6-bit portion of an identifier for authentication within rolling codes, providing only 64 possible combinations. This low entropy allows an attacker to perform a brute-force attack against one component of the rolling code. Successful exploitation simplify an attacker to predict the next valid rolling code, granting unauthorized access to the vehicle.

Affected Software

VendorProductVersion RangeStatus
Micca Auto Electronics Co., Ltd.Car Alarm System KE700KE700affected
Micca Auto Electronics Co., Ltd.Car Alarm System KE700KE700+unknown

Weaknesses

  • CWE-331: CWE-331: Insufficient Entropy

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References