MEDIUM🇵🇱 Wersja polska

CVE-2024-47127

CVSS 6.0v4.0pub. 2024-09-26upd. 2024-10-17

In the goTenna Pro App there is a vulnerability that makes it possible to inject any custom message with any GID and Callsign using a software defined radio in existing goTenna mesh networks. This vulnerability can be exploited if the device is being used in an unencrypted environment or if the cryptography has already been compromised. It is advised to share encryption keys via QR scanning for higher security operations and update your app to the current release for enhanced encryption protocols.

CVSS Vector
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Gotenna Pro

    APP
    Gotenna
    ≤ 1.6.1< 2.0.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2024-47130HIGH8.7ten sam produkt

The goTenna Pro App allows unauthenticated attackers to remotely update the local public keys used for P2P an...

CVE-2024-47125HIGH7.6ten sam produkt

The goTenna Pro App does not authenticate public keys which allows an unauthenticated attacker to manipulate ...

CVE-2024-47126HIGH7.1ten sam produkt

The goTenna Pro App does not use SecureRandom when generating passwords for sharing cryptographic keys. The r...

CVE-2024-47129MEDIUM5.3ten sam produkt

The goTenna Pro App does not inject extra characters into broadcasted frames to obfuscate the length of messa...

CVE-2024-47121MEDIUM6.0ten sam produkt

The goTenna Pro App uses a weak password for sharing encryption keys via the key broadcast method. If the bro...