CVE-2026-2541: Micca KE700 Brute-force vulnerability due to low entropy

Vulnerability Details

CVE ID: CVE-2026-2541
Description: Predictable or brute-forceable rolling code

Description

The system's rolling code generation is weak because it does not use a secure, standard algorithm like KeeLoq. The next valid code is composed of:

- 16-bit random number
- 16-bit counter
- 9-bit Key Fob ID

Flaws:

- The 16-bit counter increments by 1.
- The 9-bit Key Fob ID is constant.
- Only the 16-bit random number is unpredictable, resulting in 65,536 possible combinations, making a brute-force attack feasible.

Attack Path

1. The attacker sniffs a single transmission to learn the current counter value.
2. The attacker calculates the next valid counter value.
3. The attacker launches a brute-force attack by transmitting all 65,535 possible 16-bit random numbers.
4. The entire key space can be tried in 6.9 hours.

CWE References

- CWE-331: Insufficient Entropy
- CWE-330: Use of Insufficiently Random Values

Impact

Successful exploitation grants unauthorized access to the car.

Severity: Medium

Tools and Techniques

- AutoRFKiller tool

Recommendations

- Increase entropy to at least 64 bits.
- Use proven algorithms like KeeLoq.

Additional Information

Reported by Danilo Erazo (revers3everything@gmail.com)
Problem Type: CWE-331 Insufficient Entropy
CAPEC ID: CAPEC-112 Brute Force
Affected Products: Micca Auto Electronics Co., Ltd., Car Alarm System KE700
CVSS3.1 Score: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:H/V:D/RE:H
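
The entropy arithmetic behind the Flaws and Recommendations sections, as an added example that is not part of the original advisory or of any vendor code. It counts only the fields an observer cannot predict after one captured frame and scales the advisory's 6.9-hour figure to a design with 64 unpredictable bits; the `Field` type, the `HARDENED` layout and the function names are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Field:
    name: str
    bits: int
    predictable: bool  # True if an observer knows it after one captured frame

# Code composition exactly as the advisory lists it.
KE700 = [
    Field("random", 16, predictable=False),
    Field("counter", 16, predictable=True),   # increments by 1
    Field("fob_id", 9, predictable=True),     # constant
]

# Hypothetical layout that meets the "at least 64 bits" recommendation.
HARDENED = [
    Field("unpredictable", 64, predictable=False),
    Field("fob_id", 9, predictable=True),
]

# Per-code time implied by the advisory: 65,536 codes in 6.9 hours.
SECONDS_PER_CODE = 6.9 * 3600 / 2**16

def nominal_bits(fields):
    """Total width of the code, which is what the design appears to offer."""
    return sum(f.bits for f in fields)

def effective_bits(fields):
    """Bits that remain unknown to someone who has seen one transmission."""
    return sum(f.bits for f in fields if not f.predictable)

def exhaust_hours(fields, seconds_per_code=SECONDS_PER_CODE):
    """Worst-case time to cover every value of the unpredictable bits."""
    return 2 ** effective_bits(fields) * seconds_per_code / 3600

def audit(name, fields):
    """One-line summary comparing nominal width with real entropy."""
    hours = exhaust_hours(fields)
    years = hours / (24 * 365)
    return (f"{name}: {nominal_bits(fields)} bits on the wire, "
            f"{effective_bits(fields)} unpredictable, "
            f"exhausted in {hours:.3g} h ({years:.3g} years)")

if __name__ == "__main__":
    print(audit("KE700", KE700))
    print(audit("64-bit design", HARDENED))
```

The 41-bit code width is misleading on its own: the audit shows that the counter and fob ID contribute nothing once a single frame has been seen, which is why the recommendation targets unpredictable bits rather than total length.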