CVE-2026-2539 PUBLISHED

Micca KE700 Cleartext transmission of key fob ID

Assigner: ASRG
Reserved: 15.02.2026 Published: 15.02.2026 Updated: 15.02.2026

The RF communication protocol in the Micca KE700 car alarm system does not encrypt its data frames. An attacker with a radio interception tool (e.g., SDR) can capture the random number and counters transmitted in cleartext, which is sensitive information required for authentication.

Metrics

CVSS Vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:P/AU:N/V:D/RE:H
CVSS Score: 5.7

Product Status

Vendor Micca Auto Electronics Co., Ltd.
Product Car Alarm System KE700
Versions Default: affected
  • Version KE700 is affected
  • Version KE700+ is unknown

Solutions

  • Implement encryption: The entire transmission frame must be encrypted using a standard, proven symmetric algorithm (e.g., AES-128). 

  • Authenticate the frame: The encrypted payload should include a Message Authentication Code (MAC) to prevent tampering or spoofing.

Credits

  • Danilo Erazo finder

References

Problem Types

  • CWE-319: Cleartext Transmission of Sensitive Information CWE

Impacts

  • CAPEC-37: Retrieve Embedded Sensitive Data