CVE-2026-2541

The Micca KE700 system relies on a 6-bit portion of an identifier for authentication within rolling codes, providing only 64 possible combinations. This low entropy allows an attacker to perform a brute-force attack against one component of the rolling code. Successful exploitation simplify an attacker to predict the next valid rolling code, granting unauthorized access to the vehicle.

CVSS

No CVSS.

References

Link	Resource
https://asrg.io/security-advisories/cve-2026-2541/

Configurations

No configuration.

History

18 Feb 2026, 17:52

Type	Values Removed	Values Added
Summary		(es) El sistema Micca KE700 se basa en una porción de 6 bits de un identificador para la autenticación dentro de códigos rotatorios, lo que proporciona solo 64 combinaciones posibles. Esta baja entropía permite a un atacante realizar un ataque de fuerza bruta contra un componente del código rotatorio. La explotación exitosa simplifica a un atacante predecir el siguiente código rotatorio válido, lo que otorga acceso no autorizado al vehículo.

15 Feb 2026, 11:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-15 11:15

Updated : 2026-02-18 17:52

NVD link : CVE-2026-2541

Mitre link : CVE-2026-2541

CVE.ORG link : CVE-2026-2541

JSON object : View

Products Affected

No product.

CWE

CWE-331

Insufficient Entropy

{"id": "CVE-2026-2541", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "cve@asrg.io", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.4, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "MEDIUM", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:D/RE:H/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "HIGH", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-02-15T11:15:55.223", "references": [{"url": "https://asrg.io/security-advisories/cve-2026-2541/", "source": "cve@asrg.io"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "cve@asrg.io", "description": [{"lang": "en", "value": "CWE-331"}]}], "descriptions": [{"lang": "en", "value": "The Micca KE700 system relies on a 6-bit portion of an identifier for authentication within rolling codes, providing only 64 possible combinations. This low entropy allows an attacker to perform a brute-force attack against one component of the rolling code. Successful exploitation simplify an attacker to predict the next valid rolling code, granting unauthorized access to the vehicle."}, {"lang": "es", "value": "El sistema Micca KE700 se basa en una porci\u00f3n de 6 bits de un identificador para la autenticaci\u00f3n dentro de c\u00f3digos rotatorios, lo que proporciona solo 64 combinaciones posibles. Esta baja entrop\u00eda permite a un atacante realizar un ataque de fuerza bruta contra un componente del c\u00f3digo rotatorio. La explotaci\u00f3n exitosa simplifica a un atacante predecir el siguiente c\u00f3digo rotatorio v\u00e1lido, lo que otorga acceso no autorizado al veh\u00edculo."}], "lastModified": "2026-02-18T17:52:22.253", "sourceIdentifier": "cve@asrg.io"}