CVE-2024-47121

Name of the Vulnerable Software and Affected Versions goTenna Pro App versions (affected versions not specified) goTenna Pro X goTenna Pro X2

Description The goTenna Pro App uses a weak password for sharing encryption keys via the key broadcast method. If the broadcasted encryption key is captured over RF, and the password is cracked via a brute force attack, it is possible to decrypt it and use it to decrypt all future and past messages sent via encrypted broadcast with that particular key. This only applies when the key is broadcasted over RF.

Recommendations For goTenna Pro App, consider using local QR encryption key sharing for additional security. For goTenna Pro X, use local QR encryption key sharing for additional security. For goTenna Pro X2, use local QR encryption key sharing for additional security. As a temporary workaround, consider disabling the key broadcast method until a patch is available. Restrict access to the key broadcast feature to minimize the risk of exploitation.