CVE-2022-38766

HIGH

Renault ZOE E-Tech Firmware - Authentication Bypass via Replay Attack

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-38766. PoCs published by MalHyuk.

AI-analyzed exploit summary: This repository provides a detailed technical analysis of CVE-2022-38766, a vulnerability in the Renault ZOE Keyless System, including attack scenarios, PoC videos, and an explanation of how rolling codes were bypassed. It does not contain functional exploit code but offers in-depth research and methodology.

Description

The remote keyless system on Renault ZOE 2021 vehicles sends 433.92 MHz RF signals from the same Rolling Codes set for each door-open request, which allows for a replay attack.

Exploits (1)

nomisec WRITEUP 4 stars
by MalHyuk · poc
https://github.com/MalHyuk/CVE-2022-38766


Classification: Writeup 90%
Attack Type: Other
Complexity: Moderate
Reliability: Theoretical
Target: Renault ZOE Keyless System (2021 model)
No auth needed
Prerequisites: HackRF One + Portapack H2 · GNURadio · GQRX · Universal Radio Hacker · rtl_433
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3 8.1
EPSS 0.0069
EPSS Percentile 47.6%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE CWE-294
Status published
Products (1)
renault/zoe_e-tech_firmware 2021
Published Jan 03, 2023
Tracked Since Feb 18, 2026