Description
The Micca KE700 system contains flawed resynchronization logic and is vulnerable to replay attacks. This attack requires sending two previously captured codes in a specific sequence. As a result, the system can be forced to accept previously used (stale) rolling codes and execute a command. Successful exploitation allows an attacker to clone the alarm key. This grants the attacker unauthorized access to the vehicle to unlock or lock the doors.
Published: 2026-02-15
Score: 8.4 High
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized vehicle access
Action: Patch Now
AI Analysis

Impact

The Micca KE700 alarm system suffers from flawed resynchronization logic that permits replay attacks, an authentication failure (CWE‑288) caused by insufficient anti‑replay protection and a missing replay detection (CWE‑294). By transmitting two previously captured rolling codes in a specific order, an attacker can trick the receiver into accepting a stale code, effectively cloning the alarm key. The cloned key then grants unauthorized control to unlock or lock the vehicle, representing a significant escalation of privileges.

Affected Systems

Vendor Micca Auto Electronics Co., Ltd. produces the Car Alarm System KE700 that is affected. No specific product versions are listed, so all implementations of this model should be considered vulnerable.

Risk and Exploitability

The CVSS score of 8.4 indicates a high severity vulnerability. EPSS < 1% suggests a low probability of exploitation so far, and the vulnerability is not listed in the CISA KEV catalog, implying no widespread public exploitation reports. Based on the description, it is inferred that the attacker must capture two valid rolling codes—likely through physical proximity or signal interception—before carrying out the replay sequence. Once the replay succeeds, the system grants access that was never intended for the attacker.

Generated by OpenCVE AI on April 18, 2026 at 12:11 UTC.

Remediation

Vendor Solution

* Enforce strict anti-replay: The receiver must maintain a persistent state (e.g., the counter value of the last valid code). It must never accept a code with a counter value less than or equal to the last known valid counter. * Secure resynchronization logic: The logic triggered by an old code is the flaw and must be removed. Secure resynchronization should only be triggered by codes that are ahead of the current counter to allow a "drifted" key fob to re-sync.

OpenCVE Recommended Actions

  • Apply the vendor’s firmware update that enforces a persistent counter state for received rolling codes and rejects any code whose counter value is less than or equal to the last known valid counter.
  • Configure the system so that resynchronization logic is only triggered by codes with counter values ahead of the current counter, eliminating the flaw that allows resynchronization on older codes.
  • If possible, disable or limit the resynchronization feature until the update is fully deployed to prevent accidental acceptance of replayed codes.

Generated by OpenCVE AI on April 18, 2026 at 12:11 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 17 Feb 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 16 Feb 2026 12:15:00 +0000

Type Values Removed Values Added
First Time appeared Micca Auto Electronics
Micca Auto Electronics car Alarm System Ke700
Vendors & Products Micca Auto Electronics
Micca Auto Electronics car Alarm System Ke700

Sun, 15 Feb 2026 11:15:00 +0000

Type Values Removed Values Added
Description The Micca KE700 system contains flawed resynchronization logic and is vulnerable to replay attacks. This attack requires sending two previously captured codes in a specific sequence. As a result, the system can be forced to accept previously used (stale) rolling codes and execute a command. Successful exploitation allows an attacker to clone the alarm key. This grants the attacker unauthorized access to the vehicle to unlock or lock the doors.
Title Micca KE700 Acceptance of previously used rolling codes
Weaknesses CWE-288
CWE-294
References
Metrics cvssV4_0

{'score': 8.4, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:L/SI:L/SA:H/V:D/RE:M'}

Subscriptions

Micca Auto Electronics Car Alarm System Ke700
cve-icon MITRE

Status: PUBLISHED

Assigner: ASRG

Published:

Updated: 2026-02-17T17:06:53.980Z

Reserved: 2026-02-15T10:49:22.820Z

Link: CVE-2026-2540

cve-icon Vulnrichment

Updated: 2026-02-17T16:42:18.480Z

cve-icon NVD

Status : Deferred

Published: 2026-02-15T11:15:55.070

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-2540

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T12:15:15Z

Weaknesses