Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Multiple missing pointer validation checks in trusted execution module in Motorola MTM5000
Vulnerability Description
The Motorola MTM5000 series firmwares lack pointer validation on arguments passed to trusted execution environment (TEE) modules. Two modules are used, one responsible for KVL key management and the other for TETRA cryptographic functionality. In both modules, an adversary with non-secure supervisor level code execution can exploit the issue in order to gain secure supervisor code execution within the TEE. This constitutes a full break of the TEE module, exposing the device key as well as any TETRA cryptographic keys and the confidential TETRA cryptographic primitives.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
非可信指针解引用
Vulnerability Title
Motorola MTM5000 安全漏洞
Vulnerability Description
Motorola MTM5000是美国摩托罗拉(Motorola)公司的一种移动收音机。 Motorola MTM5000 存在安全漏洞,该漏洞源于缺乏对传递到可信执行环境 (TEE) 模块的参数的指针验证,攻击者利用该漏洞可以在 TEE 中获得安全监管代码执行, 导致对 TEE 模块的全面破坏,暴露了设备密钥以及 TETRA 加密原语。
CVSS Information
N/A
Vulnerability Type
N/A