113 matches found
CVE-2025-52464 Meshtastic Repeated Public and Private Keypairs
Meshtastic is an open source mesh networking solution. In versions from 2.5.0 to before 2.6.11, the flashing procedure of several hardware vendors was resulting in duplicated public/private keys. Additionally, the Meshtastic was failing to properly initialize the internal randomness pool on some...
CVE-2025-52464 Meshtastic Repeated Public and Private Keypairs
Meshtastic is an open source mesh networking solution. In versions from 2.5.0 to before 2.6.11, the flashing procedure of several hardware vendors was resulting in duplicated public/private keys. Additionally, the Meshtastic was failing to properly initialize the internal randomness pool on some...
CVE-2025-52464 Meshtastic Repeated Public and Private Keypairs
Meshtastic is an open source mesh networking solution. In versions from 2.5.0 to before 2.6.11, the flashing procedure of several hardware vendors was resulting in duplicated public/private keys. Additionally, the Meshtastic was failing to properly initialize the internal randomness pool on some...
CVE-2025-52464
Meshtastic versions 2.5.0–2.6.10 expose a vulnerability where flashing procedures can duplicate public/private keys and the RNG may have low entropy, allowing an attacker to decrypt Direct Messages after collecting compromised keys. This is caused by key generation timing and insufficient randomn...
Meshtastic 安全特征问题漏洞
Meshtastic is a decentralized wireless off-grid mesh network LoRa protocol open-sourced by Meshtastic. A security signature issue vulnerability exists in Meshtastic versions prior to 2.5.0 through 2.6.11, which stems from insufficient entropy in the key generation process that could lead to key...
The Texting Network for the End of the World
Everyone knows what it’s like to lose cell service. A burgeoning open source project called Meshtastic is filling the gap for when you’re in the middle of nowhere—or when disaster strikes...
PT-2025-26221
Name of the Vulnerable Software and Affected Versions Meshtastic versions 2.5.0 through 2.6.10 Description Meshtastic is an open source mesh networking solution. The flashing procedure of several hardware vendors was resulting in duplicated public/private keys. Additionally, Meshtastic was failin...
CVE-2024-51500
Meshtastic firmware is a device firmware for the Meshtastic project. The Meshtastic firmware does not check for packets claiming to be from the special broadcast address 0xFFFFFFFF which could result in unexpected behavior and potential for DDoS attacks on the network. A malicious actor could cra...
The vulnerability of the operational-tactical radio communication device in hard-to-access areas, Meshtastic, is related to buffer overflows in dynamic memory, allowing a intruder to execute arbitrary code.
The vulnerability of the operational-tactical radio communication system in hard-to-access areas like Meshtastic is related to buffer overflows in dynamic memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code by sending specially crafted protobuf data...
CVE-2025-24797
Meshtastic is an open source mesh networking solution. A fault in the handling of mesh packets containing invalid protobuf data can result in an attacker-controlled buffer overflow, allowing an attacker to hijack execution flow, potentially resulting in remote code execution. This attack does not...
CVE-2025-24797
Meshtastic is an open source mesh networking solution. A fault in the handling of mesh packets containing invalid protobuf data can result in an attacker-controlled buffer overflow, allowing an attacker to hijack execution flow, potentially resulting in remote code execution. This attack does not...
CVE-2025-24797 Meshtastic incorrectly hands malformed packets leads to controlled buffer overflow
Meshtastic is an open source mesh networking solution. A fault in the handling of mesh packets containing invalid protobuf data can result in an attacker-controlled buffer overflow, allowing an attacker to hijack execution flow, potentially resulting in remote code execution. This attack does not...
CVE-2025-24797
CVE-2025-24797 concerns Meshtastic, an open-source mesh networking solution. A fault in handling mesh packets containing invalid protobuf data can cause an attacker-controlled buffer overflow, hijacking execution flow and potentially enabling remote code execution. The root cause, as described in...
CVE-2025-24797 Meshtastic incorrectly hands malformed packets leads to controlled buffer overflow
Meshtastic is an open source mesh networking solution. A fault in the handling of mesh packets containing invalid protobuf data can result in an attacker-controlled buffer overflow, allowing an attacker to hijack execution flow, potentially resulting in remote code execution. This attack does not...
CVE-2025-24797 Meshtastic incorrectly hands malformed packets leads to controlled buffer overflow
Meshtastic is an open source mesh networking solution. A fault in the handling of mesh packets containing invalid protobuf data can result in an attacker-controlled buffer overflow, allowing an attacker to hijack execution flow, potentially resulting in remote code execution. This attack does not...
Meshtastic 安全漏洞
Meshtastic is a decentralized wireless off-grid mesh network LoRa protocol open-sourced by Meshtastic. A security vulnerability exists in Meshtastic versions prior to 2.6.2 that stems from a buffer overflow when processing invalid protobuf data, which could lead to remote code execution...
PT-2025-16280 · Unknown · Meshtastic
Name of the Vulnerable Software and Affected Versions: Meshtastic versions prior to 2.6.2 Description: Meshtastic is an open source mesh networking solution. A fault in the handling of mesh packets containing invalid protobuf data can result in an attacker-controlled buffer overflow, allowing an...
CVE-2025-21608
Meshtastic is an open source mesh networking solution. In affected firmware versions crafted packets over MQTT are able to appear as a DM in client to a node even though they were not decoded with PKC. This issue has been addressed in version 2.5.19 and all users are advised to upgrade. There are...
CVE-2025-21608
Meshtastic is an open source mesh networking solution. In affected firmware versions crafted packets over MQTT are able to appear as a DM in client to a node even though they were not decoded with PKC. This issue has been addressed in version 2.5.19 and all users are advised to upgrade. There are...
CVE-2025-21608 Forged packets over MQTT can show up in direct messages in Meshtastic firmware
Meshtastic is an open source mesh networking solution. In affected firmware versions crafted packets over MQTT are able to appear as a DM in client to a node even though they were not decoded with PKC. This issue has been addressed in version 2.5.19 and all users are advised to upgrade. There are...