Description
Remote Keyless Entry System (RKES), using the 433 MHz key fob bearing FCC ID CWTR53R0 manufactured by ALPS ALPINE CO., LTD., is vulnerable to a roll-back attack against its rolling-code authentication. 



An attacker within RF range who records two consecutive lock or unlock transmissions from a legitimate key fob can later replay the same pair of transmissions repeatedly. During testing, replaying the first captured transmission caused the RKES to enter a state in which replaying the second captured transmission resulted in a successful lock or unlock operation of the vehicle. Tested and confirmed on a 2024 Suzuki Swift (SWIFT ISG GLS AC 1.2 5P 4x2 TM).
Published: 2026-06-25
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability lies in the rolling‐code authentication of Alps Electric’s 433 MHz key fob (CWTR53R0). An attacker who captures two consecutive lock or unlock transmissions can replay the first to bring the system into a vulnerable state, then replay the second to force the vehicle to lock or unlock. The flaw allows a legitimate user’s credentials to be reused without detection, effectively bypassing the intended authentication protocol and granting an adversary physical access to the vehicle.

Affected Systems

The flaw affects the Remote Keyless Entry System (RKES) R53R0 manufactured by Alps Electric Co., Ltd. No specific firmware or hardware revision is listed, but the vulnerability was demonstrated on a 2024 Suzuki Swift equipped with this key fob. Vehicles that use this RKES product and the CWTR53R0 key fob are therefore susceptible.

Risk and Exploitability

The CVSS score is 6.9, indicating a high level of risk. Exploitation requires that the attacker be within radio‑frequency range of the vehicle to record and replay the transmissions, and the attack has not yet been reported in the CISA KEV catalog. Because the EPSS score is not available, the exact probability of exploitation is unknown, but the attack is technically straightforward and has a limited effectiveness window. The impact is significant because a replay that succeeds can lock or unlock the vehicle, enabling physical access or denial of access.

Generated by OpenCVE AI on June 25, 2026 at 15:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Obtain and install the latest firmware update for the RKES R53R0 from Alps Electric that addresses the rolling‑code rollback vulnerability.
  • If a firmware update is not yet available, disable or restrict the use of the R53R0 key fob for vehicle entry by reconfiguring the vehicle’s remote entry system or using the vehicle’s manual lock/unlock controls.
  • Monitor the vendor’s security advisories for updates and consider adding physical RF shielding to the key fob area to reduce the risk of replay attacks.

Generated by OpenCVE AI on June 25, 2026 at 15:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Alps Electric
Alps Electric remote Keyless Entry System (rkes) R53r0
Vendors & Products Alps Electric
Alps Electric remote Keyless Entry System (rkes) R53r0

Fri, 26 Jun 2026 06:30:00 +0000


Thu, 25 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 25 Jun 2026 14:45:00 +0000

Type Values Removed Values Added
Description Remote Keyless Entry System (RKES), using the 433 MHz key fob bearing FCC ID CWTR53R0 manufactured by ALPS ALPINE CO., LTD., is vulnerable to a roll-back attack against its rolling-code authentication.  An attacker within RF range who records two consecutive lock or unlock transmissions from a legitimate key fob can later replay the same pair of transmissions repeatedly. During testing, replaying the first captured transmission caused the RKES to enter a state in which replaying the second captured transmission resulted in a successful lock or unlock operation of the vehicle. Tested and confirmed on a 2024 Suzuki Swift (SWIFT ISG GLS AC 1.2 5P 4x2 TM).
Title Alps Electric Co., Ltd. R53R0 Remote Keyless Entry System (RKES) Replay Attack
Weaknesses CWE-294
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N'}


Subscriptions

Alps Electric Remote Keyless Entry System (rkes) R53r0
cve-icon MITRE

Status: PUBLISHED

Assigner: ASRG

Published:

Updated: 2026-06-26T05:00:00.212Z

Reserved: 2026-05-29T07:26:43.198Z

Link: CVE-2026-49319

cve-icon Vulnrichment

Updated: 2026-06-25T15:12:15.688Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T09:37:32Z

Weaknesses
  • CWE-294

    Authentication Bypass by Capture-replay