CVE-2016-10743

hostapd before 2.6 does not prevent use of the low-quality PRNG that is reached by an os_random() function call.
Source: NIST
CVE-2016-10743