Remote Keyless Entry System (RKES), using the 433 MHz key fob bearing FCC ID CWTR53R0 manufactured by ALPS ALPINE CO., LTD., is vulnerable to a roll-back attack against its rolling-code authentication.
An attacker within RF range who records two consecutive lock or unlock transmissions from a legitimate key fob can later replay the same pair of transmissions repeatedly. During testing, replaying the first captured transmission caused the RKES to enter a state in which replaying the second captured transmission resulted in a successful lock or unlock operation of the vehicle. Tested and confirmed on a 2024 Suzuki Swift (SWIFT ISG GLS AC 1.2 5P 4x2 TM).
References
Configurations
No configuration.
History
26 Jun 2026, 07:16
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
25 Jun 2026, 15:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-06-25 15:16
Updated : 2026-06-26 07:16
NVD link : CVE-2026-49319
Mitre link : CVE-2026-49319
CVE.ORG link : CVE-2026-49319
JSON object : View
Products Affected
No product.
CWE
CWE-294
Authentication Bypass by Capture-replay
