112 matches found
malla: Stored XSS via Meshtastic node names in multiple frontend pages
Node names longname, shortname received via MQTT are stored in SQLite without sanitization and rendered into the DOM without escaping. Any participant on a public Meshtastic MQTT broker can set a malicious node name that executes JavaScript in the browser of every Malla dashboard visitor. Affecte...
Exploit for Use of Less Trusted Source in Meshtastic Meshtastic_Firmware
Stopping Meshtastic from-field spoof attacks — shape-detecti...
CVE-2025-55292
Meshtastic is an open source mesh networking solution. In the current Meshtastic architecture, a Node is identified by their NodeID, generated from the MAC address, rather than their public key. This aspect downgrades the security, specifically by abusing the HAM mode which doesn't use encryption...
CVE-2025-55292
Meshtastic is an open source mesh networking solution. In the current Meshtastic architecture, a Node is identified by their NodeID, generated from the MAC address, rather than their public key. This aspect downgrades the security, specifically by abusing the HAM mode which doesn't use encryption...
Meshtastic security vulnerabilities
Meshtastic is an open-source, decentralized wireless off-grid mesh network LoRa protocol developed by Meshtastic. Meshtastic has a security vulnerability, which stems from defects in the node identification mechanism. This vulnerability could allow attackers to forge node information and hijack...
CVE-2025-55292 In Meshtastic, an attacker can spoof licensed amateur flag for a node
Meshtastic is an open source mesh networking solution. In the current Meshtastic architecture, a Node is identified by their NodeID, generated from the MAC address, rather than their public key. This aspect downgrades the security, specifically by abusing the HAM mode which doesn't use encryption...
CVE-2025-55292 In Meshtastic, an attacker can spoof licensed amateur flag for a node
Meshtastic is an open source mesh networking solution. In the current Meshtastic architecture, a Node is identified by their NodeID, generated from the MAC address, rather than their public key. This aspect downgrades the security, specifically by abusing the HAM mode which doesn't use encryption...
CVE-2025-53627
Meshtastic is an open source mesh networking solution. The Meshtastic firmware starting from version 2.5 introduces asymmetric encryption PKI for direct messages, but when the pkiencrypted flag is missing, the firmware silently falls back to legacy AES-256-CTR channel encryption. This was an...
CVE-2025-53627
Meshtastic firmware (from version 2.5) can fall back to legacy AES-256-CTR if the pki_encrypted flag is missing, undermining PKI end-to-end direct messages. The downgrade path allows adversaries with a shared channel key to inject spoofed DMs that appear PKI-encrypted to end-user apps (Web, iOS/A...
CVE-2025-53627 Meshtastic firmware allows forged DMs with no PKC to show up as encrypted
Meshtastic is an open source mesh networking solution. The Meshtastic firmware starting from version 2.5 introduces asymmetric encryption PKI for direct messages, but when the pkiencrypted flag is missing, the firmware silently falls back to legacy AES-256-CTR channel encryption. This was an...
EUVD-2025-205605
Meshtastic is an open source mesh networking solution. The Meshtastic firmware starting from version 2.5 introduces asymmetric encryption PKI for direct messages, but when the pkiencrypted flag is missing, the firmware silently falls back to legacy AES-256-CTR channel encryption. This was an...
CVE-2025-53627 Meshtastic firmware allows forged DMs with no PKC to show up as encrypted
Meshtastic is an open source mesh networking solution. The Meshtastic firmware starting from version 2.5 introduces asymmetric encryption PKI for direct messages, but when the pkiencrypted flag is missing, the firmware silently falls back to legacy AES-256-CTR channel encryption. This was an...
CVE-2025-53627 Meshtastic firmware allows forged DMs with no PKC to show up as encrypted
Meshtastic is an open source mesh networking solution. The Meshtastic firmware starting from version 2.5 introduces asymmetric encryption PKI for direct messages, but when the pkiencrypted flag is missing, the firmware silently falls back to legacy AES-256-CTR channel encryption. This was an...
PT-2025-53743
Name of the Vulnerable Software and Affected Versions Meshtastic versions 2.5 through 2.7.14 Description Meshtastic firmware, starting with version 2.5, implemented asymmetric encryption PKI for direct messages. However, when the pki encrypted flag is absent, the firmware reverts to legacy...
Meshtastic 安全漏洞
Meshtastic is a decentralized wireless off-grid mesh network LoRa protocol open-sourced by Meshtastic. A security vulnerability exists in Meshtastic versions 2.5 up to and including 2.7.15, which stems from a degradation attack path in the absence of PKI cryptographic flags, and could lead to an...
EUVD-2024-42266
Malicious code in bioql PyPI...
EUVD-2024-42265
Malicious code in bioql PyPI...
EUVD-2024-54776
Malicious code in bioql PyPI...
EUVD-2024-41281
Malicious code in bioql PyPI...
EUVD-2025-25140
Malicious code in bioql PyPI...