Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-41722

In the goTenna Pro ATAK Plugin there is a vulnerability that makes it possible to inject any custom message with any GID and Callsign using a software defined radio in existing goTenna mesh networks. This vulnerability can be exploited if the device is being used in an unencrypted environment or if the cryptography has already been compromised. It is advised to use encryption shared with local QR code for higher security operations.

Published

2024-09-26T18:15:06.193

Last Modified

2024-10-17T17:15:11.667

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-1390
Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	gotenna	gotenna	< 2.0.7	Yes

References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05 Third Party Advisory, US Government Resource ([email protected])