PT-2024-30676 · Gotenna · Gotenna Pro Atak Plugin

Clayton Smith +2 · Published 2024-09-26 · Updated 2024-10-17

CVE-2024-43814

CVSS v3.1: 4.3 Medium

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

goTenna Pro ATAK Plugin (affected versions not specified)

Description

The goTenna Pro ATAK Plugin has a default setting to share Automatic Position, Location, and Information (PLI) updates every 60 seconds once the plugin is active and goTenna is connected. This can lead to users accidentally broadcasting their location unencrypted if they are unaware of their settings and have not activated encryption before a mission.

Recommendations

Update to the latest plugin version to disable the default setting of sharing PLI updates every 60 seconds. As a temporary workaround, consider verifying that the PLI settings are at the desired rate and activating encryption prior to the mission. Restrict access to the plugin's default settings to minimize the risk of exploitation.

Related Identifiers

CVE-2024-43814

Affected Products

Gotenna Pro Atak Plugin