Search
Find a vulnerability
Search criteria
2 vulnerabilities by Alps Electric Co., Ltd.
CVE-2026-49319 (GCVE-0-2026-49319)
Vulnerability from nvd – Published: 2026-06-25 14:11 – Updated: 2026-06-26 05:00
VLAI
EPSS
VEX
Title
Alps Electric Co., Ltd. R53R0 Remote Keyless Entry System (RKES) Replay Attack
Summary
Remote Keyless Entry System (RKES), using the 433 MHz key fob bearing FCC ID CWTR53R0 manufactured by ALPS ALPINE CO., LTD., is vulnerable to a roll-back attack against its rolling-code authentication.
An attacker within RF range who records two consecutive lock or unlock transmissions from a legitimate key fob can later replay the same pair of transmissions repeatedly. During testing, replaying the first captured transmission caused the RKES to enter a state in which replaying the second captured transmission resulted in a successful lock or unlock operation of the vehicle. Tested and confirmed on a 2024 Suzuki Swift (SWIFT ISG GLS AC 1.2 5P 4x2 TM).
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-294 - Authentication Bypass by Capture-replay
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://fccid.io/CWTR53R0 | product |
| https://www.asrg.io/security-advisories/cve-2026-… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Alps Electric Co., Ltd. | Remote Keyless Entry System (RKES) R53R0 |
Affected:
R53R0
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-49319",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-25T15:12:12.690462Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-25T15:12:19.151Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"Rolling-code authentication / resynchronization logic"
],
"product": "Remote Keyless Entry System (RKES) R53R0",
"vendor": "Alps Electric Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "R53R0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Danilo Erazo (Automotive Cybersecurity Researcher)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRemote Keyless Entry System (RKES), using the 433 MHz key fob bearing FCC ID CWTR53R0 manufactured by ALPS ALPINE CO., LTD., is vulnerable to a roll-back attack against its rolling-code authentication.\u0026nbsp;\u003c/p\u003e\u003cp\u003eAn attacker within RF range who records two consecutive lock or unlock transmissions from a legitimate key fob can later replay the same pair of transmissions repeatedly. During testing, replaying the first captured transmission caused the RKES to enter a state in which replaying the second captured transmission resulted in a successful lock or unlock operation of the vehicle. Tested and confirmed on\u0026nbsp;\u003cspan\u003ea 2024 Suzuki Swift (SWIFT ISG GLS AC 1.2 5P 4x2 TM).\u003c/span\u003e\u003c/p\u003e"
}
],
"value": "Remote Keyless Entry System (RKES), using the 433 MHz key fob bearing FCC ID CWTR53R0 manufactured by ALPS ALPINE CO., LTD., is vulnerable to a roll-back attack against its rolling-code authentication.\u00a0\n\n\n\nAn attacker within RF range who records two consecutive lock or unlock transmissions from a legitimate key fob can later replay the same pair of transmissions repeatedly. During testing, replaying the first captured transmission caused the RKES to enter a state in which replaying the second captured transmission resulted in a successful lock or unlock operation of the vehicle. Tested and confirmed on\u00a0a 2024 Suzuki Swift (SWIFT ISG GLS AC 1.2 5P 4x2 TM)."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Reusing Session IDs (aka Session Replay)"
}
]
},
{
"descriptions": [
{
"lang": "en",
"value": "Sniffing Network Traffic"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-294",
"description": "CWE-294 Authentication Bypass by Capture-replay",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-26T05:00:00.212Z",
"orgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
"shortName": "ASRG"
},
"references": [
{
"tags": [
"product"
],
"url": "https://fccid.io/CWTR53R0"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.asrg.io/security-advisories/cve-2026-49319-suzuki-swift-2024-rkes-rollback-replay"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Alps Electric Co., Ltd. R53R0 Remote Keyless Entry System (RKES) Replay Attack",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
"assignerShortName": "ASRG",
"cveId": "CVE-2026-49319",
"datePublished": "2026-06-25T14:11:18.921Z",
"dateReserved": "2026-05-29T07:26:43.198Z",
"dateUpdated": "2026-06-26T05:00:00.212Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-49319 (GCVE-0-2026-49319)
Vulnerability from cvelistv5 – Published: 2026-06-25 14:11 – Updated: 2026-06-26 05:00
VLAI
EPSS
VEX
Title
Alps Electric Co., Ltd. R53R0 Remote Keyless Entry System (RKES) Replay Attack
Summary
Remote Keyless Entry System (RKES), using the 433 MHz key fob bearing FCC ID CWTR53R0 manufactured by ALPS ALPINE CO., LTD., is vulnerable to a roll-back attack against its rolling-code authentication.
An attacker within RF range who records two consecutive lock or unlock transmissions from a legitimate key fob can later replay the same pair of transmissions repeatedly. During testing, replaying the first captured transmission caused the RKES to enter a state in which replaying the second captured transmission resulted in a successful lock or unlock operation of the vehicle. Tested and confirmed on a 2024 Suzuki Swift (SWIFT ISG GLS AC 1.2 5P 4x2 TM).
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-294 - Authentication Bypass by Capture-replay
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://fccid.io/CWTR53R0 | product |
| https://www.asrg.io/security-advisories/cve-2026-… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Alps Electric Co., Ltd. | Remote Keyless Entry System (RKES) R53R0 |
Affected:
R53R0
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-49319",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-25T15:12:12.690462Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-25T15:12:19.151Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"Rolling-code authentication / resynchronization logic"
],
"product": "Remote Keyless Entry System (RKES) R53R0",
"vendor": "Alps Electric Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "R53R0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Danilo Erazo (Automotive Cybersecurity Researcher)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRemote Keyless Entry System (RKES), using the 433 MHz key fob bearing FCC ID CWTR53R0 manufactured by ALPS ALPINE CO., LTD., is vulnerable to a roll-back attack against its rolling-code authentication.\u0026nbsp;\u003c/p\u003e\u003cp\u003eAn attacker within RF range who records two consecutive lock or unlock transmissions from a legitimate key fob can later replay the same pair of transmissions repeatedly. During testing, replaying the first captured transmission caused the RKES to enter a state in which replaying the second captured transmission resulted in a successful lock or unlock operation of the vehicle. Tested and confirmed on\u0026nbsp;\u003cspan\u003ea 2024 Suzuki Swift (SWIFT ISG GLS AC 1.2 5P 4x2 TM).\u003c/span\u003e\u003c/p\u003e"
}
],
"value": "Remote Keyless Entry System (RKES), using the 433 MHz key fob bearing FCC ID CWTR53R0 manufactured by ALPS ALPINE CO., LTD., is vulnerable to a roll-back attack against its rolling-code authentication.\u00a0\n\n\n\nAn attacker within RF range who records two consecutive lock or unlock transmissions from a legitimate key fob can later replay the same pair of transmissions repeatedly. During testing, replaying the first captured transmission caused the RKES to enter a state in which replaying the second captured transmission resulted in a successful lock or unlock operation of the vehicle. Tested and confirmed on\u00a0a 2024 Suzuki Swift (SWIFT ISG GLS AC 1.2 5P 4x2 TM)."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Reusing Session IDs (aka Session Replay)"
}
]
},
{
"descriptions": [
{
"lang": "en",
"value": "Sniffing Network Traffic"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-294",
"description": "CWE-294 Authentication Bypass by Capture-replay",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-26T05:00:00.212Z",
"orgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
"shortName": "ASRG"
},
"references": [
{
"tags": [
"product"
],
"url": "https://fccid.io/CWTR53R0"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.asrg.io/security-advisories/cve-2026-49319-suzuki-swift-2024-rkes-rollback-replay"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Alps Electric Co., Ltd. R53R0 Remote Keyless Entry System (RKES) Replay Attack",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
"assignerShortName": "ASRG",
"cveId": "CVE-2026-49319",
"datePublished": "2026-06-25T14:11:18.921Z",
"dateReserved": "2026-05-29T07:26:43.198Z",
"dateUpdated": "2026-06-26T05:00:00.212Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}