CVE-2022-26943

Name of the Vulnerable Software and Affected Versions Motorola MTM5000 series firmwares (affected versions not specified)

Description The Motorola MTM5000 series firmwares generate TETRA authentication challenges using a PRNG that relies on a tick count register as its sole entropy source. This results in low boottime entropy and limited re-seeding of the pool, making the authentication challenge vulnerable to attacks. An adversary can derive the contents of the entropy pool by an exhaustive search of possible values based on an observed authentication challenge. Additionally, an adversary can use knowledge of the entropy pool to predict authentication challenges.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.