Описание
An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. By default, a GID is the user's phone number unless they specifically opt out. A phone number is very sensitive information because it can be tied back to individuals. The app does not encrypt the GID in messages.
Ссылки
- Third Party Advisory
- Product
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:gotenna:mesh_firmware:1.1.12:*:*:*:*:*:*:*
cpe:2.3:h:gotenna:mesh:-:*:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:a:gotenna:gotenna:5.5.3:*:*:*:*:-:*:*
EPSS
Процентиль: 4%
0.00019
Низкий
4.3 Medium
CVSS3
6.5 Medium
CVSS3
Дефекты
CWE-319
Связанные уязвимости
CVSS3: 4.3
github
9 месяцев назад
An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. By default, a GID is the user's phone number unless they specifically opt out. A phone number is very sensitive information because it can be tied back to individuals. The app does not encrypt the GID in messages.
EPSS
Процентиль: 4%
0.00019
Низкий
4.3 Medium
CVSS3
6.5 Medium
CVSS3
Дефекты
CWE-319