CVE-2026-49319

MEDIUM 6.5

Alps Electric Co., Ltd. R53R0 Remote Keyless Entry System (RKES) Replay Attack

CVSS Score

6.5

EPSS Score

0.0%

EPSS Percentile

0th

Remote Keyless Entry System (RKES), using the 433 MHz key fob bearing FCC ID CWTR53R0 manufactured by ALPS ALPINE CO., LTD., is vulnerable to a roll-back attack against its rolling-code authentication. An attacker within RF range who records two consecutive lock or unlock transmissions from a legitimate key fob can later replay the same pair of transmissions repeatedly. During testing, replaying the first captured transmission caused the RKES to enter a state in which replaying the second captured transmission resulted in a successful lock or unlock operation of the vehicle. Tested and confirmed on a 2024 Suzuki Swift (SWIFT ISG GLS AC 1.2 5P 4x2 TM).

CWE	CWE-294
Vendor	alps electric co., ltd.
Product	remote keyless entry system (rkes) r53r0
Published	Jun 25, 2026
Last Updated	Jun 25, 2026

Stay Ahead of the Next One

Get instant alerts for alps electric co., ltd. remote keyless entry system (rkes) r53r0

Be the first to know when new medium vulnerabilities affecting alps electric co., ltd. remote keyless entry system (rkes) r53r0 are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Affected Versions

Alps Electric Co., Ltd. / Remote Keyless Entry System (RKES) R53R0

R53R0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

fccid.io: https://fccid.io/CWTR53R0

Credits

Danilo Erazo (Automotive Cybersecurity Researcher)