CVE-2026-2539

The RF communication protocol in the Micca KE700 car alarm system does not encrypt its data frames. An attacker with a radio interception tool (e.g., SDR) can capture the random number and counters transmitted in cleartext, which is sensitive information required for authentication.

CVSS

No CVSS.

References

Link	Resource
https://asrg.io/security-advisories/cve-2026-2539-micca-ke700-cleartext-transmission-of-key-fob-id/

Configurations

No configuration.

History

18 Feb 2026, 17:52

Type	Values Removed	Values Added
Summary		(es) El protocolo de comunicación RF en el sistema de alarma de coche Micca KE700 no cifra sus tramas de datos. Un atacante con una herramienta de intercepción de radio (p. ej., SDR) puede capturar el número aleatorio y los contadores transmitidos en texto claro, lo cual es información sensible necesaria para la autenticación.

15 Feb 2026, 11:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-15 11:15

Updated : 2026-02-18 17:52

NVD link : CVE-2026-2539

Mitre link : CVE-2026-2539

CVE.ORG link : CVE-2026-2539

JSON object : View

Products Affected

No product.

CWE

CWE-319

Cleartext Transmission of Sensitive Information

{"id": "CVE-2026-2539", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "cve@asrg.io", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.7, "Automatable": "NO", "attackVector": "ADJACENT", "baseSeverity": "MEDIUM", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:X/V:D/RE:H/U:X", "exploitMaturity": "PROOF_OF_CONCEPT", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "HIGH", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-02-15T11:15:54.897", "references": [{"url": "https://asrg.io/security-advisories/cve-2026-2539-micca-ke700-cleartext-transmission-of-key-fob-id/", "source": "cve@asrg.io"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "cve@asrg.io", "description": [{"lang": "en", "value": "CWE-319"}]}], "descriptions": [{"lang": "en", "value": "The RF communication protocol in the Micca KE700 car alarm system does not encrypt its data frames. An attacker with a radio interception tool (e.g., SDR) can capture the random number and counters\u00a0transmitted in cleartext, which is sensitive information required for authentication."}, {"lang": "es", "value": "El protocolo de comunicaci\u00f3n RF en el sistema de alarma de coche Micca KE700 no cifra sus tramas de datos. Un atacante con una herramienta de intercepci\u00f3n de radio (p. ej., SDR) puede capturar el n\u00famero aleatorio y los contadores transmitidos en texto claro, lo cual es informaci\u00f3n sensible necesaria para la autenticaci\u00f3n."}], "lastModified": "2026-02-18T17:52:22.253", "sourceIdentifier": "cve@asrg.io"}