23 matches found
EUVD-2024-54776
Malicious code in bioql PyPI...
EUVD-2025-25140
Malicious code in bioql PyPI...
CVE-2025-55293
Meshtastic is an open source mesh networking solution. Prior to v2.6.3, an attacker can send NodeInfo with an empty publicKey first, then overwrite it with a new key. First sending an empty key bypasses 'if p.publickey.size 0 ', clearing the existing publicKey and resetting the size to 0 for a know...
CVE-2025-55293 Meshtastic allows crafting of specific NodeInfo packets that overwrite any publicKey saved in the NodeDB
Meshtastic is an open source mesh networking solution. Prior to v2.6.3, an attacker can send NodeInfo with an empty publicKey first, then overwrite it with a new key. First sending an empty key bypasses 'if p.publickey.size 0 ', clearing the existing publicKey and resetting the size to 0 for a know...
PT-2025-33677 · Unknown · Meshtastic
Name of the Vulnerable Software and Affected Versions: Meshtastic versions prior to 2.6.3 Description: Meshtastic is a mesh networking solution. An attacker can send NodeInfo with an empty publicKey to bypass size checks, clearing the existing public key. Subsequently, a new key can be sent and...
CVE-2024-47065
Meshtastic is an open source mesh networking solution. Prior to 2.5.1, traceroute responses from the remote node are not rate limited. Given that there are SNR measurements attributed to each received transmission, this is a guaranteed way to get a remote station to reliably and continuously...
CVE-2024-47065 Traceroute_APP responses are not rate-limited.
Meshtastic is an open source mesh networking solution. Prior to 2.5.1, traceroute responses from the remote node are not rate limited. Given that there are SNR measurements attributed to each received transmission, this is a guaranteed way to get a remote station to reliably and continuously...
Meshtastic security vulnerability
Meshtastic is a decentralized wireless off-grid mesh network LoRa protocol open-sourced by Meshtastic. A security vulnerability exists in Meshtastic versions prior to 2.5.1 that stems from traceroute responses from a remote node not being rate limited, which could lead to location confidentiality issue...
CVE-2025-24798 Meshtastic crashes via an unimplemented routing module reply
Meshtastic is an open source mesh networking solution. From 1.2.1 until 2.6.2, a packet sent to the routing module that contains wantresponse==true causes a crash. This can lead to a degradation of service for nodes within range of a malicious sender, or via MQTT if downlink is enabled. This...
PT-2025-29170 · Unknown · Meshtastic
Name of the Vulnerable Software and Affected Versions: Meshtastic versions prior to 2.6.6 Description: Meshtastic is an open source mesh networking solution. The main matrix.yml GitHub Action is triggered by the pull request target event, which has extensive permissions and can be initiated by an...
PT-2025-29169 · Unknown · Meshtastic
Name of the Vulnerable Software and Affected Versions: Meshtastic versions 1.2.1 through 2.6.2 Description: Meshtastic is an open source mesh networking solution. A packet sent to the routing module with want response set to true causes a crash. This can lead to a degradation of service for nodes...
CVE-2025-52464
Meshtastic is an open source mesh networking solution. In versions from 2.5.0 to before 2.6.11, the flashing procedure of several hardware vendors was resulting in duplicated public/private keys. Additionally, Meshtastic was failing to properly initialize the internal randomness pool on some...
CVE-2025-52464 Meshtastic Repeated Public and Private Keypairs
Meshtastic is an open source mesh networking solution. In versions from 2.5.0 to before 2.6.11, the flashing procedure of several hardware vendors was resulting in duplicated public/private keys. Additionally, Meshtastic was failing to properly initialize the internal randomness pool on some...
CVE-2025-24797
Meshtastic is an open source mesh networking solution. A fault in the handling of mesh packets containing invalid protobuf data can result in an attacker-controlled buffer overflow, allowing an attacker to hijack execution flow, potentially resulting in remote code execution. This attack does not...