PT-2024-32395 · Unknown · Meshtastic

Thebentern

Published

2024-10-07

Updated

2025-10-21

CVE-2024-47079

CVSS v3.1

6.4

Medium

Vector

AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

Name of the Vulnerable Software and Affected Versions Meshtastic firmware versions prior to 2.5.1

Description The issue arises from the remote hardware module of the Meshtastic firmware not having proper checks to ensure that a remote hardware control message was received and should be considered valid. This allows for potential manipulation of unknown processes. All users are advised to upgrade to address this issue.

Recommendations For Meshtastic firmware versions prior to 2.5.1, upgrade to release version 2.5.1 to resolve the issue. As a temporary workaround, consider restricting access to the remote hardware control module until the upgrade is applied.

Exploit

Fix

Insufficient Verification of Data Authenticity

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-345

Related Identifiers

CVE-2024-47079

GHSA-H8MH-P4R3-4JV7

Affected Products

Meshtastic

PT-2024-32395 · Unknown · Meshtastic

CVE-2024-47079

Weakness Enumeration

Related Identifiers

Affected Products

References · 12