CVE-2024-47127

CVSS v3.1

6.5

Medium

Vector

AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions goTenna Pro App (affected versions not specified) goTenna Pro X goTenna Pro X2

Description The issue allows an attacker to inject custom messages with any GID and Callsign into existing goTenna mesh networks using a software-defined radio. This can be exploited in unencrypted environments or if the cryptography has been compromised.

Recommendations For goTenna Pro App, update the app to the current release for enhanced encryption protocols. For goTenna Pro X and goTenna Pro X2, update the app to the current release for enhanced encryption protocols. As a temporary workaround, consider sharing encryption keys via QR scanning for higher security operations.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287CWE-1390

Related Identifiers

CVE-2024-47127

Affected Products

Gotenna Pro App

Gotenna Pro X

Gotenna Pro X2

CVE-2024-47127

Weakness Enumeration

Related Identifiers

Affected Products

References · 8