Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an…
The motorcycle's Infotainment system incorrectly skips the PIN entry if it doesn't detect Wireless Control Module (WCM) traffic during its boot-up phase. An attacker can silence the WCM during this critical window, gaining full access to the Infotainment system without needing the security PIN.
Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the PIN entry screen. The Infotainment uses presence of Wireless Control Module (WCM) traffic during its boot window as a proxy for whether an immobilizer is fitted; if no WCM messages are observed, it skips the PIN entry screen and shows the normal user interface. An attacker who silences the WCM during the boot window — for example via a separately tracked CAN bus-off technique — can present a fully unlocked Infotainment despite the PIN never being entered. Specific timing and protocol details have been withheld pending vendor remediation.
An adjacent-network attacker can bypass the Infotainment PIN, potentially accessing personal data, vehicle settings, or other sensitive functions.
Monitor & Review
Low severity — keep this CVE on your radar and patch during routine maintenance.
What should I do?
Published
CVE disclosed publicly
Last Modified
Most recent update
Indexed to CVEInsight
Added to this platform
AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
0
Affected Products
1
References
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability
Impact