Skip to main content

Gotenna Pro

10 CVEs product

Monthly

CVE-2024-47130 HIGH This Week

The goTenna Pro App allows unauthenticated attackers to remotely update the local public keys used for P2P and group messages. Rated high severity (CVSS 8.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Gotenna Pro
NVD
CVSS 4.0
8.7
EPSS
0.2%
CVE-2024-47129 MEDIUM This Month

The goTenna Pro App does not inject extra characters into broadcasted frames to obfuscate the length of messages. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Gotenna Pro
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-47128 MEDIUM This Month

The goTenna Pro App encryption key name is always sent unencrypted when the key is shared over RF through a broadcast message. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gotenna Pro
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-47127 MEDIUM This Month

In the goTenna Pro App there is a vulnerability that makes it possible to inject any custom message with any GID and Callsign using a software defined radio in existing goTenna mesh networks. Rated medium severity (CVSS 6.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Gotenna Pro
NVD
CVSS 4.0
6.0
EPSS
0.1%
CVE-2024-47126 HIGH This Week

The goTenna Pro App does not use SecureRandom when generating passwords for sharing cryptographic keys. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gotenna Pro
NVD
CVSS 4.0
7.1
EPSS
0.2%
CVE-2024-47125 HIGH This Week

The goTenna Pro App does not authenticate public keys which allows an unauthenticated attacker to manipulate messages. Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gotenna Pro
NVD
CVSS 4.0
7.6
EPSS
0.1%
CVE-2024-47124 LOW Monitor

The goTenna Pro App does not encrypt callsigns in messages. Rated low severity (CVSS 2.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gotenna Pro
NVD
CVSS 4.0
2.3
EPSS
0.1%
CVE-2024-47123 MEDIUM This Month

The goTenna Pro App uses AES CTR type encryption for short, encrypted messages without any additional integrity checking mechanisms. Rated medium severity (CVSS 6.0), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Gotenna Pro
NVD
CVSS 4.0
6.0
EPSS
0.1%
CVE-2024-47122 MEDIUM This Month

In the goTenna Pro App, the encryption keys are stored along with a static IV on the End User Device (EUD). Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gotenna Pro
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2024-47121 MEDIUM This Month

The goTenna Pro App uses a weak password for sharing encryption keys via the key broadcast method. Rated medium severity (CVSS 6.0), this vulnerability is no authentication required. No vendor patch available.

Brute Force Information Disclosure Gotenna Pro
NVD
CVSS 4.0
6.0
EPSS
0.1%
EPSS 0% CVSS 8.7
HIGH This Week

The goTenna Pro App allows unauthenticated attackers to remotely update the local public keys used for P2P and group messages. Rated high severity (CVSS 8.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Gotenna Pro
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

The goTenna Pro App does not inject extra characters into broadcasted frames to obfuscate the length of messages. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Gotenna Pro
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

The goTenna Pro App encryption key name is always sent unencrypted when the key is shared over RF through a broadcast message. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gotenna Pro
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

In the goTenna Pro App there is a vulnerability that makes it possible to inject any custom message with any GID and Callsign using a software defined radio in existing goTenna mesh networks. Rated medium severity (CVSS 6.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Gotenna Pro
NVD
EPSS 0% CVSS 7.1
HIGH This Week

The goTenna Pro App does not use SecureRandom when generating passwords for sharing cryptographic keys. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gotenna Pro
NVD
EPSS 0% CVSS 7.6
HIGH This Week

The goTenna Pro App does not authenticate public keys which allows an unauthenticated attacker to manipulate messages. Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gotenna Pro
NVD
EPSS 0% CVSS 2.3
LOW Monitor

The goTenna Pro App does not encrypt callsigns in messages. Rated low severity (CVSS 2.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gotenna Pro
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

The goTenna Pro App uses AES CTR type encryption for short, encrypted messages without any additional integrity checking mechanisms. Rated medium severity (CVSS 6.0), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Gotenna Pro
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

In the goTenna Pro App, the encryption keys are stored along with a static IV on the End User Device (EUD). Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gotenna Pro
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

The goTenna Pro App uses a weak password for sharing encryption keys via the key broadcast method. Rated medium severity (CVSS 6.0), this vulnerability is no authentication required. No vendor patch available.

Brute Force Information Disclosure Gotenna Pro
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy