PT-2024-31388 · Unknown · Meshtastic

Brloomis · Published 2024-08-27 · Updated 2025-10-21 · CVE-2024-45038

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Meshtastic device firmware versions prior to 2.4.1

Description

The Meshtastic device firmware is subject to a denial of service vulnerability in MQTT handling. This issue is fixed in version 2.4.1 of the Meshtastic firmware and on the Meshtastic public MQTT Broker. It is strongly suggested that all users of Meshtastic, particularly those that connect to a privately hosted MQTT server, update to this or a more recent stable version right away. There are no known workarounds for this vulnerability.

Recommendations

For Meshtastic device firmware versions prior to 2.4.1, update to version 2.4.1 or a more recent stable version immediately. As a temporary workaround, consider disabling MQTT handling until a patch is available. Restrict access to the Meshtastic public MQTT Broker to minimize the risk of exploitation. Avoid using the Meshtastic device firmware with privately hosted MQTT servers until the issue is resolved.

Exploit

Fix

Weakness Enumeration

Improper Handling of Exceptional Conditions

Related Identifiers

CVE-2024-45038
GHSA-3X3R-VW9F-PXQ5

Affected Products

Meshtastic