Описание
An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. It uses a custom implementation of encryption without any additional integrity checking mechanisms. This leaves messages malleable to an attacker that can access the message.
Ссылки
- ExploitThird Party Advisory
- Product
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:gotenna:mesh_firmware:1.1.12:*:*:*:*:*:*:*
cpe:2.3:h:gotenna:mesh:-:*:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:a:gotenna:gotenna:5.5.3:*:*:*:*:-:*:*
EPSS
Процентиль: 1%
0.00012
Низкий
5.3 Medium
CVSS3
6.5 Medium
CVSS3
Дефекты
CWE-353
Связанные уязвимости
CVSS3: 5.3
github
9 месяцев назад
An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. It uses a custom implementation of encryption without any additional integrity checking mechanisms. This leaves messages malleable to an attacker that can access the message.
EPSS
Процентиль: 1%
0.00012
Низкий
5.3 Medium
CVSS3
6.5 Medium
CVSS3
Дефекты
CWE-353