CVE-2024-47122

Name of the Vulnerable Software and Affected Versions goTenna Pro App (affected versions not specified) goTenna Pro X goTenna Pro X2

Description The encryption keys in the goTenna Pro App are stored along with a static IV on the End User Device (EUD), allowing for complete decryption of keys if the device is physically compromised. This enables an attacker to decrypt all encrypted broadcast communications based on the stored encryption keys. To mitigate this, strong access control measures and layered encryption on the EUD are recommended for more secure operation.

Recommendations For goTenna Pro App, consider using strong access control measures and layered encryption on the End User Device for more secure operation. For goTenna Pro X, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For goTenna Pro X2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.