CVE-2026-49325
Physical Bypass in Indian Motorcycle Scout Bobber
Publication date: 2026-05-29
Last updated on: 2026-05-29
Assigner: Automotive Security Research Group (ASRG)
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| indian_motorcycle | scout_bobber | 2025 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-693 | The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. |
| CWE-1384 | The product does not properly handle unexpected physical or environmental conditions that occur naturally or are artificially induced. |
| CWE-754 | The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves improper handling of physical conditions in the bike-shutdown control system of the Indian Motorcycle Scout Bobber + Tech 2025 model year. A physical attacker with access to the Wireless Control Module (WCM) wiring harness can bypass the anti-theft shutdown mechanism. The WCM signals shutdown to a peer ECU using a falling-edge voltage transition on a dedicated wire pair. However, the receiving ECU cannot distinguish between a legitimate shutdown signal and a disconnected or open-circuit condition. By interrupting the relevant wires, the attacker can keep the motorcycle fully operable without the WCM validating the rider's PIN.
How can this vulnerability impact me? :
This vulnerability allows an attacker with physical access to the motorcycle's wiring harness to bypass the anti-theft shutdown control, effectively enabling unauthorized use or theft of the motorcycle. Since the shutdown signal can be spoofed by disconnecting wires, the motorcycle remains operable without proper authentication, compromising the security and availability of the vehicle.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves physical manipulation of the Wireless Control Module (WCM) wiring harness to bypass the anti-theft shutdown on the Indian Motorcycle Scout Bobber + Tech 2025 model. Detection requires physical inspection of the WCM wiring harness for signs of tampering or disconnection.
Since the vulnerability is related to physical wiring and hardware signals rather than network traffic or software logs, there are no specific network or system commands that can directly detect this issue.
Monitoring the motorcycle's behavior for unexpected operability despite the anti-theft system being engaged may indicate exploitation of this vulnerability.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation involves securing physical access to the Wireless Control Module (WCM) wiring harness to prevent unauthorized manipulation.
Inspect and protect the wiring harness to ensure it is not disconnected or tampered with, as interrupting the wires allows bypassing the anti-theft shutdown.
Await vendor remediation for specific connector details and potential hardware or firmware updates that address the improper handling of physical conditions.
Consider additional physical security measures such as tamper-evident seals or enclosures around the WCM wiring harness.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.