Main Vulnerability Database Vulnerabilities #VU123007

#VU123007 Authentication bypass using an alternate path or channel in Car Alarm System KE700 - CVE-2026-2540

Published: February 18, 2026

Vulnerability identifier: #VU123007

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Green

CVE-ID: CVE-2026-2540

CWE-ID: CWE-288

Exploitation vector: Adjecent network

Exploit availability: Public exploit is available

Vulnerable software:
Car Alarm System KE700

Software vendor:
Micca Auto Electronics

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to the authentication bypass using an alternate path or channel in the alarm system’s receiver. A remote attacker on the local network can capture and replay previously transmitted signals to clone the alarm key and gain access to the vehicle to unlock or lock the doors.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://asrg.io/security-advisories/cve-2026-2540/

#VU123007 Authentication bypass using an alternate path or channel in Car Alarm System KE700 - CVE-2026-2540

Description

Remediation

External links

Please verify you're human