Authentication Flaw in Micca KE700 Vehicle System by Micca
CVE-2026-2541

6.4MEDIUM

Key Information:

Vendor

Micca Auto Electronics Co., Ltd.

Status
Car Alarm System Ke700
Vendor
CVE Published:
15 February 2026

What is CVE-2026-2541?

The Micca KE700 system features a flawed authentication mechanism that relies on a limited 6-bit identifier within rolling codes, resulting in only 64 possible combinations. This low level of entropy exposes the system to brute-force attacks, allowing an attacker to predict the next valid rolling code. By exploiting this vulnerability, attackers can gain unauthorized access to the vehicle, raising significant concerns regarding vehicle security and user safety.

Affected Version(s)

Car Alarm System KE700 KE700

Car Alarm System KE700 KE700

References

https://asrg.io/security-advisories/cve-2026-2541/
third-party-advisory

CVSS V4

Score:
6.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Danilo Erazo
.