Back

CVE-2024-47127

Sept. 26, 2024, 6:15 p.m.

Received
CVE has been recently published to the CVE List and has been received by the NVD.

Products

goTenna Pro

Source

ics-cert@hq.dhs.gov

Tags

ics-cert@hq.dhs.gov
CWE-1390
2024-09-26
CVE-2024-47127

CVE-2024-47127 details

Published : Sept. 26, 2024, 6:15 p.m.
Last Modified : Sept. 26, 2024, 6:15 p.m.

Description

In the goTenna Pro there is a vulnerability that makes it possible to inject any custom message with any GID and Callsign using a software defined radio in existing gotenna mesh networks. This vulnerability can be exploited if the device is being used in a unencrypted environment or if the cryptography has already been compromised.

CVSS Score

1 2 3 4 5 6 7 8 9 10

Weakness

Weakness Name Description
CWE-1390 Weak Authentication The product uses an authentication mechanism to restrict access to specific users or identities, but the mechanism does not sufficiently prove that the claimed identity is correct.

References

URL Source
https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-04 ics-cert@hq.dhs.gov
This website uses the NVD API, but is not approved or certified by it.