CVE-2022-37418

The Remote Keyless Entry (RKE) receiving unit on certain Nissan, Kia, and Hyundai vehicles through 2017 allows remote attackers to perform unlock operations and force a resynchronization after capturing two consecutive valid key fob signals over the radio, aka a RollBack attack. The attacker retains the ability to unlock indefinitely.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:nissan:nissan_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:nissan:nissan:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:kia:kia_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:kia:kia:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:hyundai:hyundai_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hyundai:hyundai:-:*:*:*:*:*:*:*

Information

Published : 2022-08-23 23:15

Updated : 2022-08-31 08:46


NVD link : CVE-2022-37418

Mitre link : CVE-2022-37418


JSON object : View

CWE
CWE-294

Authentication Bypass by Capture-replay

Advertisement

dedicated server usa

Products Affected

hyundai

  • hyundai
  • hyundai_firmware

kia

  • kia_firmware
  • kia

nissan

  • nissan
  • nissan_firmware