漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Indian Scout Bobber 2025 WCM CAN bus-off attack silently bypasses anti-theft shutdown
Vulnerability Description
Expected behavior violation in the in-vehicle network of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the motorcycle's anti-theft shutdown by forcing the Wireless Control Module (WCM) into the CAN bus-off state. Using a well-known CAN error-frame injection technique against a periodic WCM transmission, the attacker drives the WCM CAN controller's transmit error counter past the bus-off threshold, after which the WCM stops transmitting all messages, including the shutdown command. Peer ECUs do not interpret WCM silence as a security event and continue normal operation, allowing the motorcycle to be operated despite the immobilizer never having been unlocked. Specific protocol details have been withheld pending vendor remediation.
CVSS Information
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
预期行为违背
Vulnerability Title
Indian Motorcycle Scout Bobber + Tech 安全漏洞
Vulnerability Description
Indian Motorcycle Scout Bobber + Tech是日本Indian Motorcycle公司的一款中量级巡航摩托车。 Indian Motorcycle Scout Bobber + Tech 2025版本存在安全漏洞,该漏洞源于攻击者通过强制无线控制模块进入CAN总线关闭状态绕过摩托车的防盗关闭,攻击者使用已知的CAN错误帧注入技术针对周期性WCM传输,驱动WCM CAN控制器的发送错误计数器超过总线关闭阈值,之后WCM停止发送所有消息包括关闭命令,其他ECU不将WCM静默解释
CVSS Information
N/A
Vulnerability Type
N/A