CVE-2026-2539

MEDIUM

Micca KE700 - Info Disclosure

Title source: llm

Description

The RF communication protocol in the Micca KE700 car alarm system does not encrypt its data frames. An attacker with a radio interception tool (e.g., SDR) can capture the random number and counters transmitted in cleartext, which is sensitive information required for authentication.

References (1)

[Various Sources] https://asrg.io/security-advisories/cve-2026-2539-micca-ke700-cleartext-transmission-of-key-fob-id/

Scores

CVSS v4 5.7

EPSS 0.0001

EPSS Percentile 3.1%

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:P/AU:N/V:D/RE:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-319

Status published

Products (2)

Micca Auto Electronics Co., Ltd./Car Alarm System KE700 KE700

Micca Auto Electronics Co., Ltd./Car Alarm System KE700 KE700+

Published Feb 15, 2026

Tracked Since Feb 18, 2026