CVE-2022-27254

MEDIUM

Honda Civic 2018 - Replay Attack

Title source: llm

Description

The remote keyless system on Honda Civic 2018 vehicles sends the same RF signal for each door-open request, which allows for a replay attack, a related issue to CVE-2019-20626.

Exploits (1)

nomisec WRITEUP 464 stars

by nonamecoder · poc

https://github.com/nonamecoder/CVE-2022-27254

View Code ZIP pw:eip

References (6)

[Exploit, Third Party Advisory] https://github.com/HackingIntoYourHeart/Unoriginal-Rice-Patty

[Exploit, Third Party Advisory] https://drive.google.com/file/d/1MtmWfBs1r6Y3JN1HpbNsZqO1GcsdgPdc/view?usp=sharing

[Exploit, Third Party Advisory] https://github.com/nonamecoder/CVE-2022-27254

[Exploit, Issue Tracking, Third Party Advisory] https://news.ycombinator.com/item?id=30804702

[Exploit, Third Party Advisory] https://www.bleepingcomputer.com/news/security/honda-bug-lets-a-hacker-unlock-and-start-your-car-via-replay-attack/

[Exploit, Third Party Advisory] https://www.theregister.com/2022/03/25/honda_civic_hack/

Scores

CVSS v3 5.3

EPSS 0.0382

EPSS Percentile 88.2%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE

CWE-294

Status published

Products (1)

honda/civic_2018_firmware

Published Mar 23, 2022

Tracked Since Feb 18, 2026