CVE-2022-37418

The Remote Keyless Entry (RKE) receiving unit on certain Nissan, Kia, and Hyundai vehicles through 2017 allows remote attackers to perform unlock operations and force a resynchronization after capturing two consecutive valid key fob signals over the radio, aka a RollBack attack. The attacker retains the ability to unlock indefinitely.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:nissan:nissan_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:nissan:nissan:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:kia:kia_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:kia:kia:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:hyundai:hyundai_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hyundai:hyundai:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-08-24 06:15

Updated : 2024-02-28 19:29


NVD link : CVE-2022-37418

Mitre link : CVE-2022-37418

CVE.ORG link : CVE-2022-37418


JSON object : View

Products Affected

kia

  • kia
  • kia_firmware

nissan

  • nissan_firmware
  • nissan

hyundai

  • hyundai
  • hyundai_firmware
CWE
CWE-294

Authentication Bypass by Capture-replay