CVE-2024-41722

Name of the Vulnerable Software and Affected Versions goTenna Pro ATAK Plugin (affected versions not specified)

Description The issue allows an attacker to inject custom messages with any GID and Callsign using a software defined radio in existing goTenna mesh networks. This can be exploited if the device is used in an unencrypted environment or if the cryptography has already been compromised. For higher security operations, it is advised to use encryption shared with a local QR code.

Recommendations As a temporary workaround, consider using encryption shared with a local QR code for higher security operations. Restrict the use of the goTenna Pro ATAK Plugin in unencrypted environments to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.