Meshtastic Firmware
CVE-2024-47078
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Meshtastic is an open source, off-grid, decentralized, mesh network. Meshtastic uses MQTT to communicate over an internet connection to a shared or private MQTT Server. Nodes can communicate directly via an internet connection or proxied through a connected phone (i.e., via bluetooth). Prior to version 2.5.1, multiple weaknesses in the MQTT implementation allow for authentication and authorization bypasses resulting in unauthorized control of MQTT-connected nodes. Version 2.5.1 contains a patch.
AnalysisAI
Meshtastic is an open source, off-grid, decentralized, mesh network. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Improper Authentication (CWE-287), which allows attackers to bypass authentication mechanisms to gain unauthorized access. Meshtastic is an open source, off-grid, decentralized, mesh network. Meshtastic uses MQTT to communicate over an internet connection to a shared or private MQTT Server. Nodes can communicate directly via an internet connection or proxied through a connected phone (i.e., via bluetooth). Prior to version 2.5.1, multiple weaknesses in the MQTT implementation allow for authentication and authorization bypasses resulting in unauthorized control of MQTT-connected nodes. Version 2.5.1 contains a patch. Affected products include: Meshtastic Meshtastic Firmware. Version information: version 2.5.1.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement multi-factor authentication, enforce strong password policies, use proven authentication frameworks.
More in Meshtastic Firmware
View allMeshtastic is an open source mesh networking solution. In the current Meshtastic architecture, a Node is identified by t
Meshtastic is an open source mesh networking solution. Prior to 2.5.1, traceroute responses from the remote node are not
Meshtastic is an open source mesh networking solution. Rated critical severity (CVSS 9.4), this vulnerability is remotel
A remote code execution vulnerability in versions from 2.5.0 to (CVSS 8.3). High severity vulnerability requiring prompt
Meshtastic is an open source mesh networking solution. From 1.2.1 until 2.6.2, a packet sent to the routing module that
Meshtastic firmware is a device firmware for the Meshtastic project. Rated high severity (CVSS 7.5), this vulnerability
Meshtastic device firmware is a firmware for meshtastic devices to run an open source, off-grid, decentralized, mesh net
Meshtastic is an open source, off-grid, decentralized, mesh network built to run on affordable, low-power devices. Rated
Meshtastic is an open source mesh networking solution. Rated medium severity (CVSS 5.3), this vulnerability is remotely
Meshtastic is an open source mesh networking solution. The main_matrix.yml GitHub Action is triggered by the pull_reques
Meshtastic is an open source mesh networking solution. Rated critical severity (CVSS 9.4), this vulnerability is remotel
Same weakness CWE-287 – Improper Authentication
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today