Weak authentication in the Wireless Control Module (WCM) of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network…
The Indian Motorcycle Scout Bobber + Tech 2025 model year has a weak authentication vulnerability in its Wireless Control Module, allowing an adjacent-network attacker to recover the user-set unlock PIN by passively observing a single PIN authentication exchange. The Infotainment Digital Round display uses a non-cryptographic operation to compute its response. The vulnerability can be exploited by an attacker with read access to the in-vehicle network.
Weak authentication in the Wireless Control Module (WCM) of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with read access to the in-vehicle network to recover the user-set unlock PIN by passively observing a single PIN authentication exchange. The Infotainment Digital Round display computes its response using a non-cryptographic operation rather than a cryptographic challenge-response, so the PIN is mathematically derivable from one captured exchange, defeating the motorcycle's primary user-authentication control. Specific protocol details have been withheld pending vendor remediation.
Adjacent-network attackers with read access to the in-vehicle network can recover the user-set unlock PIN, posing a medium risk to owners of the affected Indian Motorcycle model.
Monitor & Review
Low severity — keep this CVE on your radar and patch during routine maintenance.
What should I do?
Published
CVE disclosed publicly
Last Modified
Most recent update
Indexed to CVEInsight
Added to this platform
AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
0
Affected Products
1
References
CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Exploitability
Impact