CVE-2026-49319

Remote Keyless Entry System (RKES), using the 433 MHz key fob bearing FCC ID CWTR53R0 manufactured by ALPS ALPINE CO., LTD., is vulnerable to a roll-back attack against its rolling-code authentication.  An attacker within RF range who records two consecutive lock or unlock transmissions from a legitimate key fob can later replay the same pair of transmissions repeatedly. During testing, replaying the first captured transmission caused the RKES to enter a state in which replaying the second captured transmission resulted in a successful lock or unlock operation of the vehicle. Tested and confirmed on a 2024 Suzuki Swift (SWIFT ISG GLS AC 1.2 5P 4x2 TM).
Configurations

No configuration.

History

26 Jun 2026, 07:16

Type Values Removed Values Added
References
  • () https://www.asrg.io/security-advisories/cve-2026-49319-suzuki-swift-2024-rkes-rollback-replay -

25 Jun 2026, 15:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-06-25 15:16

Updated : 2026-06-26 07:16


NVD link : CVE-2026-49319

Mitre link : CVE-2026-49319

CVE.ORG link : CVE-2026-49319


JSON object : View

Products Affected

No product.

CWE
CWE-294

Authentication Bypass by Capture-replay