Description
The RF communication protocol in the Micca KE700 car alarm system does not encrypt its data frames. An attacker with a radio interception tool (e.g., SDR) can capture the random number and counters transmitted in cleartext, which is sensitive information required for authentication.
Published: 2026-02-15
Score: 5.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Confidentiality breach of authentication credentials via cleartext RF transmission
Action: Apply Patch
AI Analysis

Impact

The Micca KE700 car alarm system transmits authentication data over RF without encryption, allowing an attacker to capture the random number and counters used for key fob authentication in cleartext. This disclosure enables the attacker to gain knowledge of the authentication material used by the system, compromising the integrity of the access control mechanism and potentially facilitating unauthorized vehicle entry.

Affected Systems

Micca Auto Electronics Co., Ltd. Car Alarm System KE700. No specific affected firmware or firmware revision is listed in the advisory, indicating that the flaw may exist in all builds that use the unencrypted RF protocol.

Risk and Exploitability

The vulnerability has a CVSS score of 5.7, which indicates a medium impact. The EPSS score of less than 1% implies very low but non‑zero likelihood of exploitation. It is not listed in the CISA KEV catalog, suggesting no widespread active exploitation has been reported. The likely attack vector is a remote wireless signal interception using a software defined radio or other RF capture device. An attacker would need only the ability to listen to the KE700 traffic and could obtain the sensitive authentication numbers without any local physical access to the vehicle.

Generated by OpenCVE AI on April 18, 2026 at 12:11 UTC.

Remediation

Vendor Solution

* Implement encryption: The entire transmission frame must be encrypted using a standard, proven symmetric algorithm (e.g., AES-128).  * Authenticate the frame: The encrypted payload should include a Message Authentication Code (MAC) to prevent tampering or spoofing.

OpenCVE Recommended Actions

  • Apply the vendor‑issued patch that encrypts all RF data frames to protect authentication information.
  • Ensure that the patched system includes a message authentication code in each encrypted frame to prevent tampering or replay attacks.
  • Verify the correct implementation of encryption and MAC by auditing the RF traffic after the patch.

Generated by OpenCVE AI on April 18, 2026 at 12:11 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 17 Feb 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 16 Feb 2026 12:15:00 +0000

Type Values Removed Values Added
First Time appeared Micca Auto Electronics
Micca Auto Electronics car Alarm System Ke700
Vendors & Products Micca Auto Electronics
Micca Auto Electronics car Alarm System Ke700

Sun, 15 Feb 2026 11:15:00 +0000

Type Values Removed Values Added
Description The RF communication protocol in the Micca KE700 car alarm system does not encrypt its data frames. An attacker with a radio interception tool (e.g., SDR) can capture the random number and counters transmitted in cleartext, which is sensitive information required for authentication.
Title Micca KE700 Cleartext transmission of key fob ID
Weaknesses CWE-319
References
Metrics cvssV4_0

{'score': 5.7, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:P/AU:N/V:D/RE:H'}

Subscriptions

Micca Auto Electronics Car Alarm System Ke700
cve-icon MITRE

Status: PUBLISHED

Assigner: ASRG

Published:

Updated: 2026-02-17T17:07:03.354Z

Reserved: 2026-02-15T10:49:21.601Z

Link: CVE-2026-2539

cve-icon Vulnrichment

Updated: 2026-02-17T16:42:19.777Z

cve-icon NVD

Status : Deferred

Published: 2026-02-15T11:15:54.897

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-2539

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T12:15:15Z

Weaknesses