CVE Vulnerability Details :
CVE-2026-2540
PUBLISHED
Assigner-ASRG
Assigner Org ID-c15abc07-96a9-4d11-a503-5d621bfe42ba
Published At-15 Feb, 2026 | 11:03
Updated At-15 Feb, 2026 | 11:03
Rejected At-
▼CVE Numbering Authority (CNA)
Micca KE700 Acceptance of previously used rolling codes

The Micca KE700 system contains flawed resynchronization logic and is vulnerable to replay attacks. This attack requires sending two previously captured codes in a specific sequence. As a result, the system can be forced to accept previously used (stale) rolling codes and execute a command. Successful exploitation allows an attacker to clone the alarm key. This grants the attacker unauthorized access to the vehicle to unlock or lock the doors.

Affected Products
Vendor: Micca Auto Electronics Co., Ltd.
Product: Car Alarm System KE700
Default Status: affected
Versions
Affected
  • KE700

unknown

  • KE700+
Problem Types
Type: CWE
CWE ID: CWE-288
Description: CWE-288: Authentication Bypass Using an Alternate Path or Channel
Type: CWE
CWE ID: CWE-294
Description: CWE-294: Authentication Bypass by Capture-replay
Metrics
Version: 4.0
Base score: 8.4
Base severity: HIGH
Vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:L/SI:L/SA:H/V:D/RE:M
Impacts
CAPEC ID: CAPEC-395
Description: CAPEC-395: Bypassing Electronic Locks and Access Controls
Solutions

* Enforce strict anti-replay: The receiver must maintain a persistent state (e.g., the counter value of the last valid code). It must never accept a code with a counter value less than or equal to the last known valid counter.
* Secure resynchronization logic: The logic triggered by an old code is the flaw and must be removed. Secure resynchronization should only be triggered by codes that are ahead of the current counter to allow a "drifted" key fob to re-sync.
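A receiver-side counter check following the two points above, as an added example that is not the vendor's firmware or code from the advisory. It assumes the counter has already been recovered from an authenticated code and is a non-wrapping 32-bit value; the names `rc_state`, `rc_check` and both window sizes are hypothetical.

```c
#include <stdint.h>
#include <stdbool.h>

#define OPEN_WINDOW   16u    /* assumed: accept at once if this close ahead */
#define RESYNC_WINDOW 4096u  /* assumed: furthest forward drift that may re-sync */

typedef enum { RC_ACCEPT, RC_RESYNC_PENDING, RC_REJECT } rc_result;

typedef struct {
    uint32_t last_valid;   /* persisted counter of the last accepted code */
    uint32_t pending;      /* first code of a forward re-sync attempt */
    bool     has_pending;
} rc_state;

/* counter: value taken from an already authenticated code (assumption). */
rc_result rc_check(rc_state *s, uint32_t counter)
{
    /* Strict anti-replay: a counter at or below the last valid one is
       rejected and changes no state, so it cannot start a re-sync. */
    if (counter <= s->last_valid)
        return RC_REJECT;

    uint32_t ahead = counter - s->last_valid;
    if (ahead <= OPEN_WINDOW) {
        s->last_valid = counter;   /* persist before actuating the lock */
        s->has_pending = false;
        return RC_ACCEPT;
    }
    if (ahead <= RESYNC_WINDOW) {
        /* Drifted fob: require two consecutive codes, both ahead. */
        if (s->has_pending && counter == s->pending + 1u) {
            s->last_valid = counter;
            s->has_pending = false;
            return RC_ACCEPT;
        }
        s->pending = counter;
        s->has_pending = true;
        return RC_RESYNC_PENDING;
    }
    s->has_pending = false;        /* too far ahead: not a plausible drift */
    return RC_REJECT;
}
```

In firmware, `last_valid` has to be written to non-volatile storage before the command is executed, otherwise a power cycle reopens the window for codes that were already used.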

Credits

finder: Danilo Erazo
References
Hyperlink: https://asrg.io/security-advisories/cve-2026-2540/
Resource: third-party-advisory