By weakness (CWE)
CWE-636: related vulnerabilities
CVEs classified under CWE-636. Understanding the weakness class helps prioritize systemic fixes over one-off patches.
2 published vulnerabilities
- CVE-2026-49317LOW 2.4
The 2025 Indian Motorcycle Scout Bobber + Tech infotainment system has a logic flaw in how it initializes during boot. The system is supposed to require a PIN to unlock, but it uses a problematic shortcut: it checks whether it detects wireless messages from the motorcycle's Wireless Control Module (WCM) during startup. If those messages are absent, the system assumes no immobilizer is present and skips the PIN screen entirely, granting immediate access to the infotainment interface. An attacker with adjacent network access can silence the WCM during the boot window—using techniques like a CAN bus-off attack—to trick the system into thinking the immobilizer is not installed, thereby bypassing the PIN protection that should guard the interface.
- CVE-2026-49318LOW 2.4
A flaw in the 2025 Indian Motorcycle Scout Bobber + Tech's infotainment system allows someone with physical proximity to the motorcycle to unlock the digital display without entering the correct PIN. The system incorrectly assumes that if it doesn't detect wireless signals from a control module during startup, no security PIN is needed. An attacker can exploit this by blocking those signals during the boot process, causing the system to skip the PIN screen entirely and display the full user interface.