CVE-2026-49322
4.3 MEDIUMWeak authentication in the Wireless Control Module (WCM) of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-...
Published: 2026-05-29 · Last updated: 2026-05-29
Severity and scoring
- CVSS
- 4.3 MEDIUM
- Vector
- CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
- CWE
- CWE-1390, CWE-294, CWE-327
Description
Weak authentication in the Wireless Control Module (WCM) of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with read access to the in-vehicle network to recover the user-set unlock PIN by passively observing a single PIN authentication exchange. The Infotainment Digital Round display computes its response using a non-cryptographic operation rather than a cryptographic challenge-response, so the PIN is mathematically derivable from one captured exchange, defeating the motorcycle's primary user-authentication control. Specific protocol details have been withheld pending vendor remediation.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-0274 — An improper validation of credentials vulnerability in the CommvaultSecurityIQ integration for Cortex XSOAR and Cortex XSIAM allows an un...
- CVE-2025-10237 — During an internal security assessment, a potential vulnerability was discovered in some ThinkPad embedded controller firmware that could... (6.7 MEDIUM)
- CVE-2026-11481 — A vulnerability was determined in yoanbernabeu grepai up to 0.35.0 (2.5 LOW)
- CVE-2026-11479 — A vulnerability has been found in yoanbernabeu grepai 0.35.0 (4.2 MEDIUM)
- CVE-2026-46395 — HAX CMS helps manage microsite universe with PHP or NodeJs backends