CVE-2026-49319
Awaiting Analysis Awaiting Analysis - Queue

Rollback Attack Vulnerability in RKES 433 MHz Key Fob

Vulnerability report for CVE-2026-49319, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-25

Last updated on: 2026-06-26

Assigner: Automotive Security Research Group (ASRG)

Description

Remote Keyless Entry System (RKES), using the 433 MHz key fob bearing FCC ID CWTR53R0 manufactured by ALPS ALPINE CO., LTD., is vulnerable to a roll-back attack against its rolling-code authentication.  An attacker within RF range who records two consecutive lock or unlock transmissions from a legitimate key fob can later replay the same pair of transmissions repeatedly. During testing, replaying the first captured transmission caused the RKES to enter a state in which replaying the second captured transmission resulted in a successful lock or unlock operation of the vehicle. Tested and confirmed on a 2024 Suzuki Swift (SWIFT ISG GLS AC 1.2 5P 4x2 TM).

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-25
Last Modified
2026-06-26
Generated
2026-07-15
AI Q&A
2026-06-25
EPSS Evaluated
2026-07-14
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
alps_alpine remote_keyless_entry_system *
suzuki swift *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-294 A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

The vulnerability affects the Remote Keyless Entry System (RKES) that uses a 433 MHz key fob with FCC ID CWTR53R0, manufactured by ALPS ALPINE CO., LTD. It is susceptible to a roll-back attack on its rolling-code authentication.

An attacker within radio frequency (RF) range can record two consecutive lock or unlock transmissions from a legitimate key fob. The attacker can then replay these transmissions repeatedly to the vehicle.

During testing on a 2024 Suzuki Swift, replaying the first captured transmission caused the system to enter a state where replaying the second transmission successfully locked or unlocked the vehicle.

Impact Analysis

This vulnerability allows an attacker within RF range to gain unauthorized access to a vehicle by replaying recorded lock or unlock signals.

As a result, the attacker can lock or unlock the vehicle without the owner's consent, potentially leading to theft or unauthorized use of the vehicle.

Detection Guidance

This vulnerability involves replaying recorded RF transmissions from a Remote Keyless Entry System (RKES) key fob operating at 433 MHz. Detection would require capturing and analyzing RF signals within the 433 MHz band to identify repeated or suspicious replayed transmissions.

Specific commands or tools to detect this vulnerability are not provided in the available information.

Mitigation Strategies

The provided information does not include explicit mitigation steps for this vulnerability.

General best practices for mitigating roll-back or replay attacks on rolling-code systems include updating the firmware of the keyless entry system if a patch is available, increasing the rolling code complexity, or using additional authentication factors.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-49319. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart