Unknown · Meshtastic · CVE-2024-47078
**Name of the Vulnerable Software and Affected Versions**
Meshtastic versions prior to 2.5.1
**Description**
Meshtastic is an open-source, off-grid, decentralized mesh network that uses MQTT to communicate over an internet connection with a shared or private MQTT server. Nodes can communicate directly via an internet connection or be proxied through a connected phone via Bluetooth. Multiple weaknesses in the MQTT implementation allow authentication and authorization bypasses, resulting in unauthorized control of MQTT-connected nodes.
**Recommendations**
Nodes running versions prior to 2.5.1 should be updated to version 2.5.1 to resolve the issue. As a temporary workaround, consider restricting access to the MQTT implementation until the patch is applied, and avoid using the vulnerable MQTT connection on affected nodes until the issue is resolved.