CVE-2024-47078

Name of the Vulnerable Software and Affected Versions Meshtastic versions prior to 2.5.1

Description Meshtastic is an open source, off-grid, decentralized, mesh network that uses MQTT to communicate over an internet connection to a shared or private MQTT Server. Nodes can communicate directly via an internet connection or proxied through a connected phone via bluetooth. Multiple weaknesses in the MQTT implementation allow for authentication and authorization bypasses, resulting in unauthorized control of MQTT-connected nodes.

Recommendations For versions prior to 2.5.1, update to version 2.5.1 to resolve the issue. As a temporary workaround, consider restricting access to the MQTT implementation until the patch is applied. Avoid using the vulnerable MQTT connection in the affected nodes until the issue is resolved.