Motorola MTM5400
Approved changes feed: RSS · Atom
cpe:2.3:h:motorola:mtm5400:-:*:*:*:*:*:*:*
part: h version: - update: *
| Vendor | Motorola (7a59928e-a07c-5317-adab-c9b7f35b7f98) |
|---|---|
| Product | Mtm5400 (5b18c7b4-2bb1-5edb-87cc-2debbec60aa9) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2022-27813 |
not_vulnerable | 2026-06-03 14:46:53.806956 |
Unconfigured memory protection modules in Motorola MTM5000
HIGH (8.1)
Motorola MTM5000 series firmwares lack properly configured memory protection of pages shared between the OMAP-L138 ARM and DSP cores. The SoC provides two memory protection units, MPU1 and MPU2, to enforce the trust boundary between the two cores. Since both units are left unconfigured by the firmwares, an adversary with control over either core can trivially gain code execution on the other, by overwriting code located in shared RAM or DDR2 memory regions.
Published: 2023-10-19T09:34:44.148Z
Updated: 2024-08-03T05:33:00.474Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-26943 |
not_vulnerable | 2026-06-03 14:46:45.419299 |
Weak PRNG entropy source used for authentication challenge generation in Motorola MTM5000
HIGH (8.8)
The Motorola MTM5000 series firmwares generate TETRA authentication challenges using a PRNG using a tick count register as its sole entropy source. Low boottime entropy and limited re-seeding of the pool renders the authentication challenge vulnerable to two attacks. First, due to the limited boottime pool entropy, an adversary can derive the contents of the entropy pool by an exhaustive search of possible values, based on an observed authentication challenge. Second, an adversary can use knowledge of the entropy pool to predict authentication challenges. As such, the unit is vulnerable to CVE-2022-24400.
Published: 2023-10-19T09:34:20.646Z
Updated: 2024-08-03T05:18:38.337Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-26942 |
not_vulnerable | 2026-06-03 14:46:45.418744 |
Multiple missing pointer validation checks in trusted execution module in Motorola MTM5000
HIGH (8.2)
The Motorola MTM5000 series firmwares lack pointer validation on arguments passed to trusted execution environment (TEE) modules. Two modules are used, one responsible for KVL key management and the other for TETRA cryptographic functionality. In both modules, an adversary with non-secure supervisor level code execution can exploit the issue in order to gain secure supervisor code execution within the TEE. This constitutes a full break of the TEE module, exposing the device key as well as any TETRA cryptographic keys and the confidential TETRA cryptographic primitives.
Published: 2023-10-19T09:35:24.386Z
Updated: 2024-08-03T05:18:38.371Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-26941 |
not_vulnerable | 2026-06-03 14:46:45.416824 |
Format string vulnerability in AT+CTGL command in Motorola MTM5000
CRITICAL (9.6)
A format string vulnerability exists in Motorola MTM5000 series firmware AT command handler for the AT+CTGL command. An attacker-controllable string is improperly handled, allowing for a write-anything-anywhere scenario. This can be leveraged to obtain arbitrary code execution inside the teds_app binary, which runs with root privileges.
Published: 2023-10-19T09:35:52.646Z
Updated: 2024-09-12T20:28:58.903Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.