PT-2024-32424 · Gotenna · Gotenna Pro X+2
Clayton Smith
+2
·
Published
2024-09-26
·
Updated
2024-10-17
·
CVE-2024-47129
CVSS v3.1
4.3
Medium
| Vector | AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
goTenna Pro App (affected versions not specified)
goTenna Pro X and Pro X2 (affected versions not specified)
Description
The issue is related to the goTenna Pro App not injecting extra characters into broadcasted frames to obfuscate the length of messages. This makes it possible to tell the length of the payload regardless of the encryption used.
Recommendations
For goTenna Pro App, consider implementing a payload length obfuscation mechanism to prevent attackers from determining the length of the payload.
For goTenna Pro X and Pro X2, consider implementing a payload length obfuscation mechanism to prevent attackers from determining the length of the payload.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Side Channel Attack
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Gotenna Pro App
Gotenna Pro X
Gotenna Pro X2