Описание
An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. By default, the GID is the user's phone number unless they specifically opt out. A phone number is very sensitive information because it can be tied back to individuals. The app does not encrypt the GID in messages.
Ссылки
- Third Party Advisory
- Product
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:gotenna:mesh_firmware:0.25.5:*:*:*:*:*:*:*
cpe:2.3:h:gotenna:mesh:-:*:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:a:gotenna:gotenna:5.5.3:*:*:*:*:-:*:*
EPSS
Процентиль: 4%
0.00019
Низкий
4.3 Medium
CVSS3
6.5 Medium
CVSS3
Дефекты
CWE-319
Связанные уязвимости
CVSS3: 4.3
github
9 месяцев назад
An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. By default, the GID is the user's phone number unless they specifically opt out. A phone number is very sensitive information because it can be tied back to individuals. The app does not encrypt the GID in messages.
EPSS
Процентиль: 4%
0.00019
Низкий
4.3 Medium
CVSS3
6.5 Medium
CVSS3
Дефекты
CWE-319