Products
goTenna Pro
Source
ics-cert@hq.dhs.gov
Tags
CVE-2024-47127 details
Published : Sept. 26, 2024, 6:15 p.m.
Last Modified : Sept. 26, 2024, 6:15 p.m.
Last Modified : Sept. 26, 2024, 6:15 p.m.
Description
In the goTenna Pro there is a vulnerability that makes it possible to inject any custom message with any GID and Callsign using a software defined radio in existing gotenna mesh networks. This vulnerability can be exploited if the device is being used in a unencrypted environment or if the cryptography has already been compromised.
CVSS Score
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|---|---|
CWE-1390 | Weak Authentication | The product uses an authentication mechanism to restrict access to specific users or identities, but the mechanism does not sufficiently prove that the claimed identity is correct. |
References
URL | Source |
---|---|
https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-04 | ics-cert@hq.dhs.gov |
This website uses the NVD API, but is not approved or certified by it.