The goTenna Pro series does not use SecureRandom when generating its cryptographic keys. The random function in use is not suitable for cryptographic use.

The goTenna Pro App does not use SecureRandom when generating passwords 
for sharing cryptographic keys. The random function in use makes it 
easier for attackers to brute force this password if the broadcasted 
encryption key is captured over RF. This only applies to the optional 
broadcast of an encryption key, so it is advised to share the key with 
local QR code for higher security operations.

ICS-CERT AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

OR
     *cpe:2.3:a:gotenna:gotenna_pro:*:*:*:*:*:iphone_os:*:* versions up to (including) 1.6.1
     *cpe:2.3:a:gotenna:gotenna_pro:*:*:*:*:*:android:*:* versions up to (excluding) 2.0.3

OR
     *cpe:2.3:a:gotenna:gotenna_pro:*:*:*:*:*:*:*:* versions up to (including) 1.6.1

NIST AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NIST CWE-338

OR
     *cpe:2.3:a:gotenna:gotenna_pro:*:*:*:*:*:*:*:* versions up to (including) 1.6.1

https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-04 No Types Assigned

https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-04 Third Party Advisory, US Government Resource

The goTenna Pro series does not use SecureRandom when generating its cryptographic keys. The random function in use is not suitable for cryptographic use.

ICS-CERT CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

ICS-CERT CWE-338

ICS-CERT https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-04 [No types assigned]