PT-2022-3092 · Motorola · Motorola Mdlc Protocol

Daniel Dos Santos +1 · Published 2022-06-22 · Updated 2024-02-14 · CVE-2022-30273

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Motorola MDLC protocol through 2022-05-02

Description

The issue concerns how the Motorola MDLC protocol handles message integrity. The protocol supports three security modes: Plain, Legacy Encryption, and New Encryption. In Legacy Encryption mode, traffic is encrypted with the Tiny Encryption Algorithm (TEA) block cipher in ECB mode, which does not offer message integrity and provides reduced confidentiality above the block level. This is demonstrated by the ECB Penguin attack, which applies to any block cipher. The vulnerability may allow a remote attacker to gain unauthorized access to protected information.

Recommendations

For the Motorola MDLC protocol through 2022-05-02, consider disabling the Legacy Encryption mode until a patch is available, as it uses the vulnerable Tiny Encryption Algorithm (TEA) block cipher in ECB mode. Restrict access to the encrypted traffic to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
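
The two properties named in the description, shown on constructed data as an added example (not code from this advisory or from Motorola): TEA in ECB mode maps equal plaintext blocks to equal ciphertext blocks, and decryption accepts reordered blocks without any error. The key, the sample records, the big-endian word packing and all helper names are assumptions; the data is not an MDLC frame.

```python
import struct
from collections import Counter

DELTA, MASK, BLOCK = 0x9E3779B9, 0xFFFFFFFF, 8

def _mix(v, s, ka, kb):
    # TEA round function; only the low 32 bits matter, callers mask the result.
    return ((v << 4) + ka) ^ (v + s) ^ ((v >> 5) + kb)

def tea_encrypt_block(block, key):
    v0, v1 = struct.unpack(">2I", block)
    k = struct.unpack(">4I", key)
    s = 0
    for _ in range(32):
        s = (s + DELTA) & MASK
        v0 = (v0 + _mix(v1, s, k[0], k[1])) & MASK
        v1 = (v1 + _mix(v0, s, k[2], k[3])) & MASK
    return struct.pack(">2I", v0, v1)

def tea_decrypt_block(block, key):
    v0, v1 = struct.unpack(">2I", block)
    k = struct.unpack(">4I", key)
    s = (DELTA * 32) & MASK
    for _ in range(32):
        v1 = (v1 - _mix(v0, s, k[2], k[3])) & MASK
        v0 = (v0 - _mix(v1, s, k[0], k[1])) & MASK
        s = (s - DELTA) & MASK
    return struct.pack(">2I", v0, v1)

def ecb(data, key, block_fn):
    # ECB: every 8-byte block is processed independently, with no IV and no MAC.
    if len(data) % BLOCK:
        raise ValueError("length must be a multiple of the 8-byte block size")
    return b"".join(block_fn(data[i:i + BLOCK], key) for i in range(0, len(data), BLOCK))

def repeated_blocks(ciphertext):
    # Defender-side check: report ciphertext blocks that occur more than once.
    blocks = [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)]
    return {b.hex(): n for b, n in Counter(blocks).items() if n > 1}

# Constructed sample data: three 8-byte records, the first and third identical.
KEY = bytes(range(16))
PLAINTEXT = b"REC-0001" + b"REC-0002" + b"REC-0001"
CIPHERTEXT = ecb(PLAINTEXT, KEY, tea_encrypt_block)

def reordered_decrypts_cleanly():
    # Blocks 0 and 1 exchanged: decryption still succeeds and yields well-formed
    # records, because nothing in ECB authenticates the message or block order.
    c = CIPHERTEXT
    return ecb(c[8:16] + c[0:8] + c[16:24], KEY, tea_decrypt_block)
```

A mode with an authentication tag (or a separate MAC over the whole message) is what makes the receiver reject the reordered message, and a per-message nonce is what removes the repeated blocks.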

Weakness Enumeration

Insufficient Verification of Data Authenticity
Use of a Broken Cryptographic Algorithm
Inadequate Encryption Strength

Related Identifiers

BDU:2022-03762
CVE-2022-30273

Affected Products

Motorola Mdlc Protocol