CVE-2018-16806
MEDIUMPektron Passive Keyless Entry and Start System Firmware - Use of a Broken Cryptographic Algorithm via DST40 Cipher
Title source: llmDescription
A Pektron Passive Keyless Entry and Start (PKES) system, as used on the Tesla Model S and possibly other vehicles, relies on the DST40 cipher, which makes it easier for attackers to obtain access via an approach involving a 5.4 TB precomputation, followed by wake-frame reception and two challenge/response operations, to clone a key fob within a few seconds.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.esat.kuleuven.be/cosic/fast-furious-and-insecure-passive-keyless-entry-and-start-in-modern-supercars/
Scores
CVSS v3
6.5
EPSS
0.0047
EPSS Percentile
36.9%
Attack Vector
ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-327
Status
published
Products (1)
pektron/passive_keyless_entry_and_start_system_firmware
Published
Sep 10, 2018
Tracked Since
Feb 18, 2026