Gotenna
CVE-2024-41931
MEDIUM
Severity by source
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from Vendor (hq) · only source for this CVE.
CVSS VectorVendor: hq
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
The goTenna Pro ATAK Plugin encryption key name is always sent unencrypted when the key is sent over RF through a broadcast message. It is advised to share the encryption key via local QR for higher security operations.
AnalysisAI
The goTenna Pro ATAK Plugin encryption key name is always sent unencrypted when the key is sent over RF through a broadcast message. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-201. The goTenna Pro ATAK Plugin encryption key name is always sent unencrypted when the key is sent over RF through a broadcast message. It is advised to share the encryption key via local QR for higher security operations. Affected products include: Gotenna.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. Rated medium severity (CVSS 5.3), th
An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. Rated high severity (CVSS 7.3), this v
An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. Rated high severity (CVSS 7.3), this
An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. Rated high severity (CVSS 7.1), this v
The goTenna Pro ATAK Plugin does not use SecureRandom when generating passwords for sharing cryptographic keys. Rated hi
An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. Rated medium severity (CVSS 6.5), this
The goTenna Pro ATAK plugin uses a weak password for sharing encryption keys via the key broadcast method. Rated medium
The goTenna Pro ATAK Plugin uses AES CTR type encryption for short, encrypted messages without any additional integrity
In the goTenna Pro ATAK Plugin there is a vulnerability that makes it possible to inject any custom message with any GID
An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. Rated medium severity (CVSS 5.3), this
The goTenna Pro ATAK Plugin's default settings are to share Automatic Position, Location, and Information (PLI) updates
An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. Rated medium severity (CVSS 4.3), th
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today