CVE-2022-38766
Published on: Not Yet Published
Last Modified on: 01/10/2023 03:40:00 PM UTC
Certain versions of Zoe E-tech from Renault contain the following vulnerability:
The remote keyless system on Renault ZOE 2021 vehicles sends 433.92 MHz RF signals from the same Rolling Codes set for each door-open request, which allows for a replay attack.
- CVE-2022-38766 has been assigned by
[email protected] to track the vulnerability - currently rated as HIGH severity.
CVSS3 Score: 8.1 - HIGH
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
---|---|---|---|
ADJACENT_NETWORK | LOW | NONE | NONE |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
UNCHANGED | NONE | HIGH | HIGH |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
GitHub - AUTOCRYPT-IVS-VnV/CVE-2022-38766: PoC for vulnerability in Renault ZOE Keyless System(CVE-2022-38766) | github.com text/html |
![]() |
There are currently no QIDs associated with this CVE
Exploit/POC from Github
PoC for vulnerability in Renault ZOE Keyless System(CVE-2022-38766)
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Hardware
| Renault | Zoe E-tech | - | All | All | All |
Operating System | Renault | Zoe E-tech Firmware | 2021 | All | All | All |
- cpe:2.3:h:renault:zoe_e-tech:-:*:*:*:*:*:*:*:
- cpe:2.3:o:renault:zoe_e-tech_firmware:2021:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE
Social Mentions
Source | Title | Posted (UTC) |
---|---|---|
![]() |
#exploit 1. CVE-2022-24637: Open web analytics info disclosure to RCE github.com/watchdog2000/c… 2. CVE-2022-38766: P… twitter.com/i/web/status/1… | 2022-08-29 03:39:09 |
![]() |
CVE-2022-38766 PoC for vulnerability in Renault ZOE Keyless System CVE-2022-38766 This vulnerability raised the q… twitter.com/i/web/status/1… | 2022-08-29 07:10:56 |
![]() |
CVE-2022-38766 PoC for vulnerability in Renault ZOE Keyless System CVE-2022-38766 This vulnerability raised the q… twitter.com/i/web/status/1… | 2022-08-29 10:14:13 |
![]() |
GitHub - AUTOCRYPT-IVS-VnV/CVE-2022-38766: PoC for vulnerability in Renault ZOE Keyless System(CVE-2022-38766) github.com/AUTOCRYPT-IVS-… | 2022-09-06 06:59:14 |
![]() |
CVE-2022-38766 : The remote keyless system on Renault ZOE 2021 vehicles sends 433.92 MHz RF signals from the same R… twitter.com/i/web/status/1… | 2023-01-03 15:05:39 |
![]() |
CVE-2022-38766 | 2023-01-03 15:38:41 |