The remote keyless system on Honda Civic 2018 vehicles sends the same RF signal for each door-open request, which allows for a replay attack, a related issue to CVE-2019-20626.
References
Link | Resource |
---|---|
https://drive.google.com/file/d/1MtmWfBs1r6Y3JN1HpbNsZqO1GcsdgPdc/view?usp=sharing | Exploit Third Party Advisory |
https://github.com/nonamecoder/CVE-2022-27254 | Exploit Third Party Advisory |
https://news.ycombinator.com/item?id=30804702 | Exploit Issue Tracking Third Party Advisory |
https://github.com/HackingIntoYourHeart/Unoriginal-Rice-Patty | Exploit Third Party Advisory |
https://www.theregister.com/2022/03/25/honda_civic_hack/ | Exploit Third Party Advisory |
https://www.bleepingcomputer.com/news/security/honda-bug-lets-a-hacker-unlock-and-start-your-car-via-replay-attack/ | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2022-03-23 15:15
Updated : 2022-03-31 13:28
NVD link : CVE-2022-27254
Mitre link : CVE-2022-27254
JSON object : View
CWE
CWE-294
Authentication Bypass by Capture-replay
Products Affected
honda
- civic_2018_firmware
- civic_2018