CVE-2026-49319— Alps Electric Co., Ltd. R53R0 Remote Keyless Entry System (RKES) Replay Attack
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-49319
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Alps Electric Co., Ltd. R53R0 Remote Keyless Entry System (RKES) Replay Attack
Source: NVD (National Vulnerability Database)
Vulnerability Description
Remote Keyless Entry System (RKES), using the 433 MHz key fob bearing FCC ID CWTR53R0 manufactured by ALPS ALPINE CO., LTD., is vulnerable to a roll-back attack against its rolling-code authentication. An attacker within RF range who records two consecutive lock or unlock transmissions from a legitimate key fob can later replay the same pair of transmissions repeatedly. During testing, replaying the first captured transmission caused the RKES to enter a state in which replaying the second captured transmission resulted in a successful lock or unlock operation of the vehicle. Tested and confirmed on a 2024 Suzuki Swift (SWIFT ISG GLS AC 1.2 5P 4x2 TM).
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用捕获-重放进行的认证绕过
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Alps Electric Co., Ltd. | Remote Keyless Entry System (RKES) R53R0 | R53R0 | - |
II. Public POCs for CVE-2026-49319
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-49319
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-49319 (1)
IV. Related Vulnerabilities
Same weakness: CWE-294
- CVE-2026-56130
Apache Shiro: Remember-me cookie isn't checked for expiry on - CVE-2023-33854
Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Da - CVE-2026-47341
Apache APISIX: Session replay issue in hmac-auth - CVE-2026-34021
Lack of cryptographic protection in Wertheim SafeController - CVE-2026-41000
WSS4J validation does not use configured replay cache
V. Comments for CVE-2026-49319
No comments yet