CVE-2026-49319
Received Received - Intake
Rollback Attack Vulnerability in RKES 433 MHz Key Fob

Publication date: 2026-06-25

Last updated on: 2026-06-25

Assigner: Automotive Security Research Group (ASRG)

Description
Remote Keyless Entry System (RKES), using the 433 MHz key fob bearing FCC ID CWTR53R0 manufactured by ALPS ALPINE CO., LTD., is vulnerable to a roll-back attack against its rolling-code authentication.  An attacker within RF range who records two consecutive lock or unlock transmissions from a legitimate key fob can later replay the same pair of transmissions repeatedly. During testing, replaying the first captured transmission caused the RKES to enter a state in which replaying the second captured transmission resulted in a successful lock or unlock operation of the vehicle. Tested and confirmed on a 2024 Suzuki Swift (SWIFT ISG GLS AC 1.2 5P 4x2 TM).
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-25
Last Modified
2026-06-25
Generated
2026-06-25
AI Q&A
2026-06-25
EPSS Evaluated
N/A
NVD
CVE-2026-49319
EUVD
EUVD-2026-39417
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
alps_alpine remote_keyless_entry_system *
suzuki swift *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-294 A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability affects the Remote Keyless Entry System (RKES) that uses a 433 MHz key fob with FCC ID CWTR53R0, manufactured by ALPS ALPINE CO., LTD. It is susceptible to a roll-back attack on its rolling-code authentication.

An attacker within radio frequency (RF) range can record two consecutive lock or unlock transmissions from a legitimate key fob. The attacker can then replay these transmissions repeatedly to the vehicle.

During testing on a 2024 Suzuki Swift, replaying the first captured transmission caused the system to enter a state where replaying the second transmission successfully locked or unlocked the vehicle.

Impact Analysis

This vulnerability allows an attacker within RF range to gain unauthorized access to a vehicle by replaying recorded lock or unlock signals.

As a result, the attacker can lock or unlock the vehicle without the owner's consent, potentially leading to theft or unauthorized use of the vehicle.

Detection Guidance

This vulnerability involves replaying recorded RF transmissions from a Remote Keyless Entry System (RKES) key fob operating at 433 MHz. Detection would require capturing and analyzing RF signals within the 433 MHz band to identify repeated or suspicious replayed transmissions.

Specific commands or tools to detect this vulnerability are not provided in the available information.

Mitigation Strategies

The provided information does not include explicit mitigation steps for this vulnerability.

General best practices for mitigating roll-back or replay attacks on rolling-code systems include updating the firmware of the keyless entry system if a patch is available, increasing the rolling code complexity, or using additional authentication factors.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-49319. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart