How severe is CVE-2018-5871?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2018-5871?

This is classified as CWE-338, which is a common weakness in software security.

CVE-2018-5871 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016, MAC address randomization performed during probe requests (for privacy reasons) is not done properly due to a flawed RNG which produces repeating output much earlier than expected.

Related Vulnerabilities

CVE-2021-0131

MEDIUM

CVSS:6.5(Medium)

Use of cryptographically weak pseudo-random number generator (PRNG) in an API for the Intel(R) Security Library before version 3.3 may allow an authenticated user to potentially enable information dis...

CWE-3382021

CVE-2021-3990

MEDIUM

CVSS:6.5(Medium)

showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

CWE-3382021

CVE-2024-45723

HIGH

CVSS:6.5(Medium)

The goTenna Pro ATAK Plugin does not use SecureRandom when generating passwords for sharing cryptographic keys. The random function in use makes it easier for attackers to brute force this password if...

CWE-3382024

CVE-2024-5264

MEDIUM

CVSS:6.5(Medium)

Network Transfer with AES KHT in Thales Luna EFT 2.1 and above allows a user with administrative console access to access backups taken via offline analysis

CWE-3382024

CVE-2024-56370

MEDIUM

CVSS:6.5(Medium)

Net::Xero 0.044 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically Net::Xero uses the Data...

CWE-3382024

CVE-2008-3280

MEDIUM

CVSS:5.9(Medium)

It was found that various OpenID Providers (OPs) had TLS Server Certificates that used weak keys, as a result of the Debian Predictable Random Number Generator (CVE-2008-0166). In combination with the...

CWE-3382008