CVE-2026-2539 (GCVE-0-2026-2539)

Vulnerability from cvelistv5 – Published: 2026-02-15 10:58 – Updated: 2026-02-17 17:07
VLAI?
Title
Micca KE700 Cleartext transmission of key fob ID
Summary
The RF communication protocol in the Micca KE700 car alarm system does not encrypt its data frames. An attacker with a radio interception tool (e.g., SDR) can capture the random number and counters transmitted in cleartext, which is sensitive information required for authentication.
Severity ?
5.7 (Medium)
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:P/AU:N/V:D/RE:H
CWE
  • CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
Impacted products
Vendor Product Version
Micca Auto Electronics Co., Ltd. Car Alarm System KE700 Affected: KE700
Unknown: KE700+
Create a notification for this product.
Credits
Danilo Erazo
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-2539",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-17T16:42:19.132639Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-17T17:07:03.354Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "modules": [
            "RF Communication Module"
          ],
          "platforms": [
            "Hardware"
          ],
          "product": "Car Alarm System KE700",
          "vendor": "Micca Auto Electronics Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "KE700"
            },
            {
              "status": "unknown",
              "version": "KE700+"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Danilo Erazo"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe RF communication protocol in the Micca KE700 car alarm system does not encrypt its data frames. An attacker with a radio interception tool (e.g., SDR) can capture the random number and counters\u0026nbsp;transmitted in cleartext, which is sensitive information required for authentication.\u003c/p\u003e"
            }
          ],
          "value": "The RF communication protocol in the Micca KE700 car alarm system does not encrypt its data frames. An attacker with a radio interception tool (e.g., SDR) can capture the random number and counters\u00a0transmitted in cleartext, which is sensitive information required for authentication."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-37",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-37: Retrieve Embedded Sensitive Data"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "ADJACENT",
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "PROOF_OF_CONCEPT",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:P/AU:N/V:D/RE:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "HIGH"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-319",
              "description": "CWE-319: Cleartext Transmission of Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-15T10:58:38.397Z",
        "orgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
        "shortName": "ASRG"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://asrg.io/security-advisories/cve-2026-2539-micca-ke700-cleartext-transmission-of-key-fob-id/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cul\u003e\u003cli\u003e\u003cb\u003eImplement encryption\u003c/b\u003e: The entire transmission frame must be encrypted using a standard, proven symmetric algorithm (e.g., AES-128).\u0026nbsp;\u003c/li\u003e\n\u003cli\u003e\u003cb\u003eAuthenticate the frame\u003c/b\u003e: The encrypted payload should include a Message Authentication Code (MAC) to prevent tampering or spoofing.\u003c/li\u003e\n\u003c/ul\u003e"
            }
          ],
          "value": "*  Implement encryption: The entire transmission frame must be encrypted using a standard, proven symmetric algorithm (e.g., AES-128).\u00a0\n\n  *  Authenticate the frame: The encrypted payload should include a Message Authentication Code (MAC) to prevent tampering or spoofing."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Micca KE700 Cleartext transmission of key fob ID",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
    "assignerShortName": "ASRG",
    "cveId": "CVE-2026-2539",
    "datePublished": "2026-02-15T10:58:38.397Z",
    "dateReserved": "2026-02-15T10:49:21.601Z",
    "dateUpdated": "2026-02-17T17:07:03.354Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-2539\",\"sourceIdentifier\":\"cve@asrg.io\",\"published\":\"2026-02-15T11:15:54.897\",\"lastModified\":\"2026-02-18T17:52:22.253\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The RF communication protocol in the Micca KE700 car alarm system does not encrypt its data frames. An attacker with a radio interception tool (e.g., SDR) can capture the random number and counters\u00a0transmitted in cleartext, which is sensitive information required for authentication.\"},{\"lang\":\"es\",\"value\":\"El protocolo de comunicaci\u00f3n RF en el sistema de alarma de coche Micca KE700 no cifra sus tramas de datos. Un atacante con una herramienta de intercepci\u00f3n de radio (p. ej., SDR) puede capturar el n\u00famero aleatorio y los contadores transmitidos en texto claro, lo cual es informaci\u00f3n sensible necesaria para la autenticaci\u00f3n.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"cve@asrg.io\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:X/V:D/RE:H/U:X\",\"baseScore\":5.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"LOW\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"PROOF_OF_CONCEPT\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NO\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"DIFFUSE\",\"vulnerabilityResponseEffort\":\"HIGH\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"cve@asrg.io\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-319\"}]}],\"references\":[{\"url\":\"https://asrg.io/security-advisories/cve-2026-2539-micca-ke700-cleartext-transmission-of-key-fob-id/\",\"source\":\"cve@asrg.io\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-2539\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-02-17T16:42:19.132639Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-02-17T16:42:19.777Z\"}}], \"cna\": {\"title\": \"Micca KE700 Cleartext transmission of key fob ID\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Danilo Erazo\"}], \"impacts\": [{\"capecId\": \"CAPEC-37\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-37: Retrieve Embedded Sensitive Data\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 5.7, \"Automatable\": \"NO\", \"attackVector\": \"ADJACENT\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"DIFFUSE\", \"vectorString\": \"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:P/AU:N/V:D/RE:H\", \"exploitMaturity\": \"PROOF_OF_CONCEPT\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"LOW\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Micca Auto Electronics Co., Ltd.\", \"modules\": [\"RF Communication Module\"], \"product\": \"Car Alarm System KE700\", \"versions\": [{\"status\": \"affected\", \"version\": \"KE700\"}, {\"status\": \"unknown\", \"version\": \"KE700+\"}], \"platforms\": [\"Hardware\"], \"defaultStatus\": \"affected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"*  Implement encryption: The entire transmission frame must be encrypted using a standard, proven symmetric algorithm (e.g., AES-128).\\u00a0\\n\\n  *  Authenticate the frame: The encrypted payload should include a Message Authentication Code (MAC) to prevent tampering or spoofing.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cul\u003e\u003cli\u003e\u003cb\u003eImplement encryption\u003c/b\u003e: The entire transmission frame must be encrypted using a standard, proven symmetric algorithm (e.g., AES-128).\u0026nbsp;\u003c/li\u003e\\n\u003cli\u003e\u003cb\u003eAuthenticate the frame\u003c/b\u003e: The encrypted payload should include a Message Authentication Code (MAC) to prevent tampering or spoofing.\u003c/li\u003e\\n\u003c/ul\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://asrg.io/security-advisories/cve-2026-2539-micca-ke700-cleartext-transmission-of-key-fob-id/\", \"tags\": [\"third-party-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.5.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"The RF communication protocol in the Micca KE700 car alarm system does not encrypt its data frames. An attacker with a radio interception tool (e.g., SDR) can capture the random number and counters\\u00a0transmitted in cleartext, which is sensitive information required for authentication.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eThe RF communication protocol in the Micca KE700 car alarm system does not encrypt its data frames. An attacker with a radio interception tool (e.g., SDR) can capture the random number and counters\u0026nbsp;transmitted in cleartext, which is sensitive information required for authentication.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-319\", \"description\": \"CWE-319: Cleartext Transmission of Sensitive Information\"}]}], \"providerMetadata\": {\"orgId\": \"c15abc07-96a9-4d11-a503-5d621bfe42ba\", \"shortName\": \"ASRG\", \"dateUpdated\": \"2026-02-15T10:58:38.397Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-2539\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-17T17:07:03.354Z\", \"dateReserved\": \"2026-02-15T10:49:21.601Z\", \"assignerOrgId\": \"c15abc07-96a9-4d11-a503-5d621bfe42ba\", \"datePublished\": \"2026-02-15T10:58:38.397Z\", \"assignerShortName\": \"ASRG\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.