CVE-2022-27254

Published: Mar 23, 2022Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 1.6 / Impact: 3.6

Source: NVD

Description

The remote keyless system on Honda Civic 2018 vehicles sends the same RF signal for each door-open request, which allows for a replay attack, a related issue to CVE-2019-20626.

Affected (1)

Products: Honda: Civic 2018 Firmware

Honda

1 product

Civic 2018 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honda Civic 2018 Firmware	All versions

Running on/with	Platform Versions
Honda Civic 2018	All versions

Related CWEs

CWE-294

Authentication Bypass by Capture-replay

A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

References (12)

https://drive.google.com/file/d/1MtmWfBs1r6Y3JN1HpbNsZqO1GcsdgPdc/view?usp=sharing

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/HackingIntoYourHeart/Unoriginal-Rice-Patty

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/nonamecoder/CVE-2022-27254

Source: cve@mitre.org

ExploitThird Party Advisory

https://news.ycombinator.com/item?id=30804702

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

https://www.bleepingcomputer.com/news/security/honda-bug-lets-a-hacker-unlock-and-start-your-car-via-replay-attack/

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.theregister.com/2022/03/25/honda_civic_hack/

Source: cve@mitre.org

ExploitThird Party Advisory

https://drive.google.com/file/d/1MtmWfBs1r6Y3JN1HpbNsZqO1GcsdgPdc/view?usp=sharing