Micca KE700 System Allows Unauthorized Vehicle Access

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.4

Micca KE700 System Allows Unauthorized Vehicle Access

CVE-2026-2540

Summary

The Micca KE700 system has a flaw that can be exploited by an attacker who sends two previously captured codes in a specific order. This can allow the attacker to unlock or lock doors without permission. To protect yourself, update the system with the latest patches or replace the device if an update isn't available.

Original title

Original description

The Micca KE700 system contains flawed resynchronization logic and is vulnerable to replay attacks. This attack requires sending two previously captured codes in a specific sequence. As a result, the system can be forced to accept previously used (stale) rolling codes and execute a command. Successful exploitation allows an attacker to clone the alarm key. This grants the attacker unauthorized access to the vehicle to unlock or lock the doors.

nvd CVSS4.0 8.4

Vulnerability type

CWE-288 Authentication Bypass Using Alternate Path

CWE-294

https://asrg.io/security-advisories/cve-2026-2540/

Published: 15 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026