Description
Remote Keyless Entry System (RKES), using the 433 MHz key fob bearing FCC ID CWTR53R0 manufactured by ALPS ALPINE CO., LTD., is vulnerable to a roll-back attack against its rolling-code authentication.

An attacker within RF range who records two consecutive lock or unlock transmissions from a legitimate key fob can later replay the same pair of transmissions repeatedly. During testing, replaying the first captured transmission caused the RKES to enter a state in which replaying the second captured transmission resulted in a successful lock or unlock operation of the vehicle. Tested and confirmed on a 2024 Suzuki Swift (SWIFT ISG GLS AC 1.2 5P 4x2 TM).
Published: 2026-06-25
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability lies in the rolling‐code authentication of Alps Electric’s 433 MHz key fob (CWTR53R0). An attacker who captures two consecutive lock or unlock transmissions can replay the first to bring the system into a vulnerable state, then replay the second to force the vehicle to lock or unlock. The flaw allows a legitimate user’s credentials to be reused without detection, effectively bypassing the intended authentication protocol and granting an adversary physical access to the vehicle.

Affected Systems

The flaw affects the Remote Keyless Entry System (RKES) R53R0 manufactured by Alps Electric Co., Ltd. No specific firmware or hardware revision is listed, but the vulnerability was demonstrated on a 2024 Suzuki Swift equipped with this key fob. Vehicles that use this RKES product and the CWTR53R0 key fob are therefore susceptible.

Risk and Exploitability

The CVSS v4.0 score is 6.9, which is a Medium severity rating. Exploitation requires that the attacker be within radio‑frequency range to record and replay the transmissions, and the vulnerability is not listed in the CISA KEV catalog. Because the EPSS score is not available, the exact probability of exploitation is unknown, but the attack is technically straightforward, and the description states that the captured pair of transmissions can be replayed repeatedly. The impact is significant because a replay that succeeds can lock or unlock the vehicle, enabling physical access or denial of access.

Generated by OpenCVE AI on June 25, 2026 at 15:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • If Alps Electric releases a firmware update for the RKES R53R0 that addresses the rolling‑code rollback vulnerability, obtain and install it.
  • If a firmware update is not yet available, disable or restrict the use of the R53R0 key fob for vehicle entry by reconfiguring the vehicle’s remote entry system or using the vehicle’s manual lock/unlock controls.
  • Monitor the vendor’s security advisories for updates and consider adding physical RF shielding to the key fob area to reduce the risk of replay attacks.


Advisories

No advisories yet.

References
https://fccid.io/CWTR53R0
History

Thu, 25 Jun 2026 14:45:00 +0000

Values added (no values removed):

  • Description: Remote Keyless Entry System (RKES), using the 433 MHz key fob bearing FCC ID CWTR53R0 manufactured by ALPS ALPINE CO., LTD., is vulnerable to a roll-back attack against its rolling-code authentication. An attacker within RF range who records two consecutive lock or unlock transmissions from a legitimate key fob can later replay the same pair of transmissions repeatedly. During testing, replaying the first captured transmission caused the RKES to enter a state in which replaying the second captured transmission resulted in a successful lock or unlock operation of the vehicle. Tested and confirmed on a 2024 Suzuki Swift (SWIFT ISG GLS AC 1.2 5P 4x2 TM).
  • Title: Alps Electric Co., Ltd. R53R0 Remote Keyless Entry System (RKES) Replay Attack
  • Weaknesses: CWE-294
  • References
  • Metrics, cvssV3_1: {'score': 6.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N'}
  • Metrics, cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N'}



MITRE

Status: PUBLISHED
Assigner: ASRG
Published:
Updated: 2026-06-25T15:12:19.151Z
Reserved: 2026-05-29T07:26:43.198Z
Link: CVE-2026-49319

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-25T15:30:16Z

Weaknesses
  • CWE-294: Authentication Bypass by Capture-replay