CVE-2022-27254

low-risk
Published 2022-03-23

The remote keyless system on Honda Civic 2018 vehicles sends the same RF signal for each door-open request, which allows for a replay attack, a related issue to CVE-2019-20626.

Do I need to act?

~
3.8% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.3/10 Medium
ADJACENT_NETWORK / HIGH complexity

Affected Products (1)

Civic 2018 Firmware

Affected Vendors

Honda

References (12)

Exploit https://drive.google.com/file/d/1MtmWfBs1r6Y3JN1HpbNsZqO1GcsdgPdc/view?usp=shari...
Exploit https://github.com/HackingIntoYourHeart/Unoriginal-Rice-Patty
Exploit https://github.com/nonamecoder/CVE-2022-27254
Exploit https://news.ycombinator.com/item?id=30804702
Exploit https://www.bleepingcomputer.com/news/security/honda-bug-lets-a-hacker-unlock-an...
Exploit https://www.theregister.com/2022/03/25/honda_civic_hack/
Exploit https://drive.google.com/file/d/1MtmWfBs1r6Y3JN1HpbNsZqO1GcsdgPdc/view?usp=shari...
Exploit https://github.com/HackingIntoYourHeart/Unoriginal-Rice-Patty
Exploit https://github.com/nonamecoder/CVE-2022-27254
Exploit https://news.ycombinator.com/item?id=30804702
Exploit https://www.bleepingcomputer.com/news/security/honda-bug-lets-a-hacker-unlock-an...
Exploit https://www.theregister.com/2022/03/25/honda_civic_hack/
26
/ 100
low-risk
Severity 14/34 · Moderate
Exploitability 7/34 · Low
Exposure 5/34 · Minimal