PT-2024-32418 · Gotenna · Gotenna Pro X+2

Clayton Smith +2 · Published 2024-09-26 · Updated 2024-10-17 · CVE-2024-47123

CVSS v3.1: 5.3 (Medium)

Vector: AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions

goTenna Pro App (affected versions not specified)
goTenna Pro X (affected versions not specified)
goTenna Pro X2 (affected versions not specified)

Description

The goTenna Pro series uses AES in CTR mode to encrypt short messages, without any additional integrity checking mechanism. This leaves messages malleable to an attacker who can access them.

Recommendations

Update to the current release for more secure operations. As a temporary workaround, consider using additional integrity checking mechanisms to minimize the risk of exploitation. Restrict access to sensitive messages until a more secure version is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
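
The malleability described above, next to the effect of an added integrity check, as an added Go example that is not goTenna's code or protocol. It uses standard AES-CTR with HMAC-SHA256 in an encrypt-then-MAC arrangement as one possible integrity mechanism; the keys, IV, message and function names are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"errors"
	"fmt"
)

// ctrXOR applies the AES-CTR keystream; encryption and decryption are the same call.
func ctrXOR(key, iv, in []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(in))
	cipher.NewCTR(block, iv).XORKeyStream(out, in)
	return out
}

// tag is HMAC-SHA256 over IV || ciphertext (encrypt-then-MAC, separate MAC key).
func tag(macKey, iv, ct []byte) []byte {
	m := hmac.New(sha256.New, macKey)
	m.Write(iv)
	m.Write(ct)
	return m.Sum(nil)
}

// open checks the tag in constant time and only then decrypts.
func open(encKey, macKey, iv, ct, t []byte) ([]byte, error) {
	if !hmac.Equal(t, tag(macKey, iv, ct)) {
		return nil, errors.New("integrity check failed")
	}
	return ctrXOR(encKey, iv, ct), nil
}

func main() {
	// Constructed keys, IV and message; real keys must be random and the IV unique per message.
	encKey, macKey := bytes.Repeat([]byte{0x11}, 16), bytes.Repeat([]byte{0x22}, 32)
	iv, msg := bytes.Repeat([]byte{0x33}, 16), []byte("STATUS: CHECKPOINT 1")
	ct := ctrXOR(encKey, iv, msg)
	t := tag(macKey, iv, ct)
	ct[len(ct)-1] ^= '1' ^ '2' // one byte altered in transit, no key involved
	fmt.Printf("CTR only:   %q\n", ctrXOR(encKey, iv, ct))
	_, err := open(encKey, macKey, iv, ct, t)
	fmt.Println("CTR + HMAC:", err)
}
```

An AEAD mode such as AES-GCM gives the same rejection of modified messages in a single primitive.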

Weakness Enumeration

Insufficient Verification of Data Authenticity

Related Identifiers

CVE-2024-47123

Affected Products

Gotenna Pro App
Gotenna Pro X
Gotenna Pro X2