CVE-2026-49318
LOW
1,0
Source: [email protected]
Attack Vector: physical
Attack Complexity: low
Privileges Required: none
User Interaction: none
Confidentiality: N/A
Integrity: N/A
Availability: N/A
LOW
2,4
Source: [email protected]
Attack Vector: physical
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: low
Integrity: none
Availability: none
Description
AI Translation Available
Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the PIN entry screen. The Infotainment uses presence of Wireless Control Module (WCM) traffic during its boot window as a proxy for whether an immobilizer is fitted; if no WCM messages are observed, it skips the PIN entry screen and shows the normal user interface. An attacker who silences the WCM during the boot window — for example via a separately tracked CAN bus-off technique — can present a fully unlocked Infotainment despite the PIN never being entered. Specific timing and protocol details have been withheld pending vendor remediation.
636
Not Failing Securely ('Failing Open')
DraftCommon Consequences
Security Scopes Affected:
Access Control
Potential Impacts:
Bypass Protection Mechanism
Applicable Platforms
Technologies:
Not Technology-Specific, ICS/OT
696
Incorrect Behavior Order
IncompleteCommon Consequences
Security Scopes Affected:
Integrity
Potential Impacts:
Alter Execution Logic
Applicable Platforms
Technologies:
Not Technology-Specific, Web Based
754
Improper Check for Unusual or Exceptional Conditions
IncompleteCommon Consequences
Security Scopes Affected:
Integrity
Availability
Potential Impacts:
Dos: Crash, Exit, Or Restart
Unexpected State
Applicable Platforms
All platforms may be affected
https://cwe.mitre.org/data/definitions/696.html