Описание
An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The app uses a custom implementation of encryption without any additional integrity checking mechanisms. This leaves messages malleable to an attacker that can access the message.
Ссылки
- Third Party Advisory
- Product
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:gotenna:mesh_firmware:0.25.5:*:*:*:*:*:*:*
cpe:2.3:h:gotenna:mesh:-:*:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:a:gotenna:gotenna:5.5.3:*:*:*:*:-:*:*
EPSS
Процентиль: 1%
0.00009
Низкий
5.3 Medium
CVSS3
6.5 Medium
CVSS3
Дефекты
CWE-353
Связанные уязвимости
CVSS3: 5.3
github
9 месяцев назад
An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The app uses a custom implementation of encryption without any additional integrity checking mechanisms. This leaves messages malleable to an attacker that can access the message.
EPSS
Процентиль: 1%
0.00009
Низкий
5.3 Medium
CVSS3
6.5 Medium
CVSS3
Дефекты
CWE-353