CVE-2025-53627
**Name of the Vulnerable Software and Affected Versions**
Meshtastic versions 2.5 through 2.7.14
**Description**
Meshtastic firmware, starting with version 2.5, implemented asymmetric (PKI) encryption for direct messages. The `pki encrypted` flag on a packet indicates whether a direct message was encrypted with PKI. When that flag is absent, the firmware silently falls back to the legacy AES-256-CTR channel encryption without notifying the user. This enables a downgrade attack: an adversary who knows a shared channel key can inject spoofed direct messages that appear to be PKI encrypted. Client applications, including the Web app, the iOS/Android apps, and SDK-based applications, cannot distinguish PKI-encrypted direct messages from legacy-encrypted ones, which undermines the security benefit of the PKI implementation.
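As an added illustration of the receive-side check the description implies (this is example code, not Meshtastic's own), the policy below treats a direct message as PKI-protected only when its `pki_encrypted` flag is present and set, and flags a flag-less direct message from a node that is known to have a public key as a possible downgrade. Packets are simplified dicts, the field name `pki_encrypted` stands for the page's `pki encrypted` flag, and the broadcast address value is an assumption; the traffic is constructed, not captured.

```python
from dataclasses import dataclass

BROADCAST_ADDR = 0xFFFFFFFF  # assumed "everyone" destination, not taken from the advisory


@dataclass
class Verdict:
    kind: str        # "broadcast", "pki_dm" or "legacy_dm"
    downgrade: bool  # True when a legacy DM comes from a node that has a public key
    reason: str


def classify(packet: dict, nodes_with_public_key: set) -> Verdict:
    """Decide how one received packet was protected, from its metadata only."""
    to, sender = packet["to"], packet["from"]
    if to == BROADCAST_ADDR:
        return Verdict("broadcast", False, "channel message, not a direct message")
    # Absent and False are treated the same: the packet was not PKI encrypted.
    if packet.get("pki_encrypted", False):
        return Verdict("pki_dm", False, "direct message carried the pki_encrypted flag")
    # Direct message without the flag: protected only by the shared channel key.
    if sender in nodes_with_public_key:
        return Verdict("legacy_dm", True,
                       "DM from a node with a known public key lacked pki_encrypted; possible downgrade")
    return Verdict("legacy_dm", False, "legacy channel-encrypted DM, sender has no known public key")


def audit(packets, nodes_with_public_key):
    """Return the packets an application should not present as PKI-protected DMs."""
    return [p for p in packets if classify(p, nodes_with_public_key).downgrade]


# Constructed sample traffic (hypothetical node numbers, not a real capture).
SAMPLE_PACKETS = [
    {"from": 0x1111, "to": BROADCAST_ADDR, "channel": 0, "pki_encrypted": False},
    {"from": 0x2222, "to": 0x3333, "channel": 0, "pki_encrypted": True},
    {"from": 0x2222, "to": 0x3333, "channel": 0},   # flag absent: legacy fallback
    {"from": 0x4444, "to": 0x3333, "channel": 0},   # no public key known for 0x4444
]
NODES_WITH_KEY = {0x2222}

if __name__ == "__main__":
    for p in SAMPLE_PACKETS:
        v = classify(p, NODES_WITH_KEY)
        print(f"{p['from']:#x} -> {p['to']:#x}: {v.kind} downgrade={v.downgrade} ({v.reason})")
```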
**Recommendations**
Update to version 2.7.15 or later.