CVE-2024-41722

Опубликовано: 26 сент. 2024

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

In the goTenna Pro ATAK Plugin there is a vulnerability that makes it possible to inject any custom message with any GID and Callsign using a software defined radio in existing goTenna mesh networks. This vulnerability can be exploited if the device is being used in an unencrypted environment or if the cryptography has already been compromised. It is advised to use encryption shared with local QR code for higher security operations.

Ссылки

https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gotenna:gotenna:*:*:*:*:*:atak:*:*

Версия до 2.0.7 (исключая)

EPSS

Процентиль: 7%

0.00029

Низкий

6.5 Medium

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-1390

NVD-CWE-Other

Связанные уязвимости

GHSA-xw45-w4r2-g9c2

CVSS3: 6.5

github

11 месяцев назад

In the goTenna Pro ATAK Plugin there is a vulnerability that makes it possible to inject any custom message with any GID and Callsign using a software defined radio in existing gotenna mesh networks. This vulnerability can be exploited if the device is being used in a unencrypted environment or if the cryptography has already been compromised.

EPSS

Процентиль: 7%

0.00029

Низкий

6.5 Medium

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-1390

NVD-CWE-Other