Micca KE700 Brute-force vulnerability due to low entropy_CVE-2026-2541

6.4 / 10

MEDIUM

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:H/V:D/RE:H

Description

The Micca KE700 system relies on a 6-bit portion of an identifier for authentication within rolling codes, providing only 64 possible combinations. This low entropy allows an attacker to perform a brute-force attack against one component of the rolling code. Successful exploitation simplify an attacker to predict the next valid rolling code, granting unauthorized access to the vehicle.

Basic Information

ID CVE-2026-2541

Source ASRG

Published Feb 15, 2026 at 11:07

Affected Product

Vendor Micca Auto Electronics Co., Ltd.

Product Car Alarm System KE700

Version KE700

Affected Versions Micca Auto Electronics Co., Ltd. Car Alarm System KE700 KE700

CWE Classification

CWE-331

References

asrg.io /security-advisories/cve-2026-2541/

{
    "lastseen": "",
    "description": "The Micca KE700 system relies on a 6-bit portion of an identifier for authentication within rolling codes, providing only 64 possible combinations. This low entropy allows an attacker to perform a brute-force attack against one component of the rolling code. Successful exploitation simplify an attacker to predict the next valid rolling code, granting unauthorized access to the vehicle.",
    "published": "2026-02-15T11:07:40.539Z",
    "modified": "2026-02-15T11:07:40.539Z",
    "type": "cve",
    "title": "Micca KE700 Brute-force vulnerability due to low entropy",
    "source": "ASRG",
    "references": "https://asrg.io/security-advisories/cve-2026-2541/",
    "id": "CVE-2026-2541",
    "bulletinFamily": "",
    "cwe": [
        "CWE-331"
    ],
    "cvelist": null,
    "sourceData": "Micca Auto Electronics Co., Ltd. Car Alarm System KE700 KE700",
    "sourceHref": "",
    "cvss": {
        "score": 6.4,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:H/V:D/RE:H",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Car Alarm System KE700",
    "version": "KE700",
    "vendor": "Micca Auto Electronics Co., Ltd.",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}