CVE-2026-49318

216.73.216.226

· Published 29/05/2026 14:16 · Modified 29/05/2026 15:11

Labels: CVE-2026-49318 2026-05-29 CVE-2026-49318 CWE-636 [email protected]

Essential information

Published: 29/05/2026 14:16
Modified: 29/05/2026 15:11
Author: —
Creator: —
CVSS: 1.0 LOW (v3) 1.0 LOW (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the PIN entry screen. The Infotainment uses presence of Wireless Control Module (WCM) traffic during its boot window as a proxy for whether an immobilizer is fitted; if no WCM messages are observed, it skips the PIN entry screen and shows the normal user interface. An attacker who silences the WCM during the boot window — for example via a separately tracked CAN bus-off technique — can present a fully unlocked Infotainment despite the PIN never being entered. Specific timing and protocol details have been withheld pending vendor remediation.

NVD status

Status: Deferred — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
indian motorcycle / scout bobber	`cpe:2.3:a:indian_motorcycle:scout_bobber:2025:::::::*`
indian motorcycle / infotainment system	`cpe:2.3:a:indian_motorcycle:infotainment_system::::::::`