MidnightBSD

Advisories for honda

CVE-2015-2943 MEDIUM

Honda Moto LINC 1.6.1 does not verify SSL certificates.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
honda moto_linc 1.6.1
CVE-2019-20626 LOW

The remote keyless system on Honda HR-V 2017 vehicles sends the same RF signal for each door-open request, which might allow a replay attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-294,

Products Affected

Vendor Product Version
honda hr-v_2017_firmware -
CVE-2021-46145 LOW

The keyfob subsystem in Honda Civic 2012 vehicles allows a replay attack for unlocking. This is related to a non-expiring rolling code and counter resynchronization.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 1.6 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-294,

Products Affected

Vendor Product Version
honda civic_2012 -
CVE-2022-27254 LOW

The remote keyless system on Honda Civic 2018 vehicles sends the same RF signal for each door-open request, which allows for a replay attack, a related issue to CVE-2019-20626.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 1.6 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-294,

Products Affected

Vendor Product Version
honda civic_2018_firmware -
CVE-2022-37305

The Remote Keyless Entry (RKE) receiving unit on certain Honda vehicles through 2018 allows remote attackers to perform unlock operations and force a resynchronization after capturing five consecutive valid RKE signals over the radio, aka a RollBack attack. The attacker retains the ability to unlock indefinitely.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.4 MEDIUM CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H 1.2 5.2

Products Affected

Vendor Product Version
honda honda_firmware *