CVE-2026-49319
Alps Electric Co., Ltd. R53R0 Remote Keyless Entry System (RKES) Replay Attack
Description
Remote Keyless Entry System (RKES), using the 433 MHz key fob bearing FCC ID CWTR53R0 manufactured by ALPS ALPINE CO., LTD., is vulnerable to a roll-back attack against its rolling-code authentication. An attacker within RF range who records two consecutive lock or unlock transmissions from a legitimate key fob can later replay the same pair of transmissions repeatedly. During testing, replaying the first captured transmission caused the RKES to enter a state in which replaying the second captured transmission resulted in a successful lock or unlock operation of the vehicle. Tested and confirmed on a 2024 Suzuki Swift (SWIFT ISG GLS AC 1.2 5P 4x2 TM).
INFO
Published Date: June 25, 2026, 2:11 p.m.
Last Modified: June 25, 2026, 2:11 p.m.
Remotely Exploitable: No
Source: ASRG
Affected Products
The following products are affected by the CVE-2026-49319 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.
No affected product recorded yet
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| | CVSS 3.1 | MEDIUM | | | | c15abc07-96a9-4d11-a503-5d621bfe42ba |
| | CVSS 4.0 | MEDIUM | | | | c15abc07-96a9-4d11-a503-5d621bfe42ba |
Solution
- Update RKES firmware to prevent roll-back attacks.
- Implement cryptographic nonces for rolling codes.
- Utilize authenticated encryption for transmissions.
- Consider disabling systems that are vulnerable to roll-back.
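The behaviour in the Description, and what a firmware fix per the first Solution item has to change, shown as an added example (not Alps Alpine firmware and not code from this advisory). The receiver logic is an assumed model of a rolling-code counter with a two-frame resynchronisation rule; `rx_frame`, `WINDOW` and all counter values are hypothetical, and the frame's cryptographic check is assumed to have passed already.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define WINDOW 16u /* assumed look-ahead for presses made out of range */

typedef struct {
    uint32_t last;      /* highest counter accepted so far */
    uint32_t pending;   /* first frame of a resync attempt */
    bool has_pending;
    bool forward_only;  /* hardened: the counter never moves backwards */
} receiver;

/* ctr models the counter of an authentic frame; true = lock actuates. */
bool rx_frame(receiver *r, uint32_t ctr)
{
    if (ctr > r->last && ctr - r->last <= WINDOW) {  /* normal press */
        r->last = ctr; r->has_pending = false;
        return true;
    }
    if (r->forward_only && ctr <= r->last) {  /* already used: drop */
        r->has_pending = false;
        return false;
    }
    if (r->has_pending && ctr == r->pending + 1) {  /* consecutive pair */
        r->last = ctr; r->has_pending = false;      /* resync to it */
        return true;
    }
    r->pending = ctr; r->has_pending = true;  /* wait for the next frame */
    return false;
}

/* Constructed scenario: frames 100 and 101 are recorded, the fob is then
   used up to 140, and the recorded pair is replayed three times. */
int replay_recorded_pair(bool forward_only)
{
    receiver r = { .last = 99, .forward_only = forward_only };
    int actuated = 0;
    for (uint32_t c = 100; c <= 140; c++) rx_frame(&r, c);
    for (int round = 0; round < 3; round++) {
        actuated += rx_frame(&r, 100);  /* arms the resync state */
        actuated += rx_frame(&r, 101);  /* completes it */
    }
    return actuated;
}

int main(void) {
    printf("replays accepted: permissive=%d forward-only=%d\n",
           replay_recorded_pair(false), replay_recorded_pair(true));
}
```

With the permissive rule every replayed pair rolls the counter back and actuates the lock; with `forward_only` set, a fob that has drifted past the window can still resynchronise, but only to counters above the last accepted one.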