CVE-2022-37418

MEDIUM

Nissan, Kia, and Hyundai Firmware < 2017 - Authentication Bypass via RollBack Replay Attack

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-37418. PoCs published by thomasarmel.

AI-analyzed exploit summary: This repository provides a formal verification proof-of-concept using ProVerif to demonstrate a rollback attack on automotive remote keyless entry systems (CVE-2022-37418, CVE-2022-36945, and CVE-2022-37305). It includes detailed instructions for running the verification model and generating attack graphs.

Description

The Remote Keyless Entry (RKE) receiving unit on certain Nissan, Kia, and Hyundai vehicles through 2017 allows remote attackers to perform unlock operations and force a resynchronization after capturing two consecutive valid key fob signals over the radio, aka a RollBack attack. The attacker retains the ability to unlock indefinitely.

Exploits (1)

nomisec WRITEUP 8 stars
by thomasarmel · poc
https://github.com/thomasarmel/rollback_car_attack_proverif

Classification: Writeup 90%
Attack Type: Other
Complexity: Complex
Reliability: Theoretical
Target: Automotive remote keyless entry systems
No auth needed
Prerequisites: ProVerif installation · Graphviz for generating attack graphs
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3 6.4
EPSS 0.0084
EPSS Percentile 52.8%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H

Details

CWE CWE-294
Status published
Products (3)
hyundai/hyundai_firmware < 2017
kia/kia_firmware < 2017
nissan/nissan_firmware < 2017
Published Aug 24, 2022
Tracked Since Feb 18, 2026