Lucene search
K

113 matches found

Vulnrichment
Vulnrichment
added 2025/06/19 3:10 p.m.3 views

CVE-2025-52464 Meshtastic Repeated Public and Private Keypairs

Meshtastic is an open source mesh networking solution. In versions from 2.5.0 to before 2.6.11, the flashing procedure of several hardware vendors was resulting in duplicated public/private keys. Additionally, the Meshtastic was failing to properly initialize the internal randomness pool on some...

9.5CVSS6.5AI score0.00418EPSS
Exploits0References5
OSV
OSV
added 2025/06/19 3:10 p.m.5 views

CVE-2025-52464 Meshtastic Repeated Public and Private Keypairs

Meshtastic is an open source mesh networking solution. In versions from 2.5.0 to before 2.6.11, the flashing procedure of several hardware vendors was resulting in duplicated public/private keys. Additionally, the Meshtastic was failing to properly initialize the internal randomness pool on some...

9.5CVSS6.4AI score0.00418EPSS
Exploits0References7
Cvelist
Cvelist
added 2025/06/19 3:10 p.m.12 views

CVE-2025-52464 Meshtastic Repeated Public and Private Keypairs

Meshtastic is an open source mesh networking solution. In versions from 2.5.0 to before 2.6.11, the flashing procedure of several hardware vendors was resulting in duplicated public/private keys. Additionally, the Meshtastic was failing to properly initialize the internal randomness pool on some...

9.5CVSS0.00418EPSS
Exploits0References5
CVE
CVE
added 2025/06/19 3:10 p.m.95 views

CVE-2025-52464

Meshtastic versions 2.5.0–2.6.10 expose a vulnerability where flashing procedures can duplicate public/private keys and the RNG may have low entropy, allowing an attacker to decrypt Direct Messages after collecting compromised keys. This is caused by key generation timing and insufficient randomn...

9.5CVSS6.3AI score0.00418EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2025/06/19 12:0 a.m.4 views

Meshtastic 安全特征问题漏洞

Meshtastic is a decentralized wireless off-grid mesh network LoRa protocol open-sourced by Meshtastic. A security signature issue vulnerability exists in Meshtastic versions prior to 2.5.0 through 2.6.11, which stems from insufficient entropy in the key generation process that could lead to key...

9.5CVSS6.3AI score0.00418EPSS
Exploits0References5
Wired Threat Level
Wired Threat Level
added 2025/06/04 10:0 a.m.22 views

The Texting Network for the End of the World

Everyone knows what it’s like to lose cell service. A burgeoning open source project called Meshtastic is filling the gap for when you’re in the middle of nowhere—or when disaster strikes...

7.2AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/06/04 12:0 a.m.5 views

PT-2025-26221

Name of the Vulnerable Software and Affected Versions Meshtastic versions 2.5.0 through 2.6.10 Description Meshtastic is an open source mesh networking solution. The flashing procedure of several hardware vendors was resulting in duplicated public/private keys. Additionally, Meshtastic was failin...

9.7CVSS5.4AI score0.00418EPSS
Exploits0References21
RedhatCVE
RedhatCVE
added 2025/05/23 8:5 a.m.8 views

CVE-2024-51500

Meshtastic firmware is a device firmware for the Meshtastic project. The Meshtastic firmware does not check for packets claiming to be from the special broadcast address 0xFFFFFFFF which could result in unexpected behavior and potential for DDoS attacks on the network. A malicious actor could cra...

5.3CVSS6.9AI score0.00401EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2025/04/23 12:0 a.m.7 views

The vulnerability of the operational-tactical radio communication device in hard-to-access areas, Meshtastic, is related to buffer overflows in dynamic memory, allowing a intruder to execute arbitrary code.

The vulnerability of the operational-tactical radio communication system in hard-to-access areas like Meshtastic is related to buffer overflows in dynamic memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code by sending specially crafted protobuf data...

9.7CVSS6.3AI score0.00829EPSS
Exploits2References6Affected Software1
RedhatCVE
RedhatCVE
added 2025/04/16 11:57 p.m.17 views

CVE-2025-24797

Meshtastic is an open source mesh networking solution. A fault in the handling of mesh packets containing invalid protobuf data can result in an attacker-controlled buffer overflow, allowing an attacker to hijack execution flow, potentially resulting in remote code execution. This attack does not...

9.4CVSS8.2AI score0.00829EPSS
Exploits2References1
NVD
NVD
added 2025/04/15 12:15 a.m.24 views

CVE-2025-24797

Meshtastic is an open source mesh networking solution. A fault in the handling of mesh packets containing invalid protobuf data can result in an attacker-controlled buffer overflow, allowing an attacker to hijack execution flow, potentially resulting in remote code execution. This attack does not...

9.8CVSS0.00829EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2025/04/14 11:25 p.m.9 views

CVE-2025-24797 Meshtastic incorrectly hands malformed packets leads to controlled buffer overflow

Meshtastic is an open source mesh networking solution. A fault in the handling of mesh packets containing invalid protobuf data can result in an attacker-controlled buffer overflow, allowing an attacker to hijack execution flow, potentially resulting in remote code execution. This attack does not...

9.4CVSS8.4AI score0.00829EPSS
Exploits2References1
CVE
CVE
added 2025/04/14 11:25 p.m.178 views

CVE-2025-24797

CVE-2025-24797 concerns Meshtastic, an open-source mesh networking solution. A fault in handling mesh packets containing invalid protobuf data can cause an attacker-controlled buffer overflow, hijacking execution flow and potentially enabling remote code execution. The root cause, as described in...

9.8CVSS9.8AI score0.00829EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2025/04/14 11:25 p.m.26 views

CVE-2025-24797 Meshtastic incorrectly hands malformed packets leads to controlled buffer overflow

Meshtastic is an open source mesh networking solution. A fault in the handling of mesh packets containing invalid protobuf data can result in an attacker-controlled buffer overflow, allowing an attacker to hijack execution flow, potentially resulting in remote code execution. This attack does not...

9.4CVSS0.00829EPSS
Exploits2References1
OSV
OSV
added 2025/04/14 11:25 p.m.7 views

CVE-2025-24797 Meshtastic incorrectly hands malformed packets leads to controlled buffer overflow

Meshtastic is an open source mesh networking solution. A fault in the handling of mesh packets containing invalid protobuf data can result in an attacker-controlled buffer overflow, allowing an attacker to hijack execution flow, potentially resulting in remote code execution. This attack does not...

9.4CVSS8.5AI score0.00829EPSS
Exploits2References3
CNNVD
CNNVD
added 2025/04/14 12:0 a.m.4 views

Meshtastic 安全漏洞

Meshtastic is a decentralized wireless off-grid mesh network LoRa protocol open-sourced by Meshtastic. A security vulnerability exists in Meshtastic versions prior to 2.6.2 that stems from a buffer overflow when processing invalid protobuf data, which could lead to remote code execution...

9.8CVSS7.8AI score0.00829EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2025/04/11 12:0 a.m.6 views

PT-2025-16280 · Unknown · Meshtastic

Name of the Vulnerable Software and Affected Versions: Meshtastic versions prior to 2.6.2 Description: Meshtastic is an open source mesh networking solution. A fault in the handling of mesh packets containing invalid protobuf data can result in an attacker-controlled buffer overflow, allowing an...

9.7CVSS9.5AI score0.00829EPSS
Exploits2References20
RedhatCVE
RedhatCVE
added 2025/02/20 6:20 p.m.9 views

CVE-2025-21608

Meshtastic is an open source mesh networking solution. In affected firmware versions crafted packets over MQTT are able to appear as a DM in client to a node even though they were not decoded with PKC. This issue has been addressed in version 2.5.19 and all users are advised to upgrade. There are...

5.3CVSS6.8AI score0.00344EPSS
Exploits0References1
NVD
NVD
added 2025/02/18 7:15 p.m.14 views

CVE-2025-21608

Meshtastic is an open source mesh networking solution. In affected firmware versions crafted packets over MQTT are able to appear as a DM in client to a node even though they were not decoded with PKC. This issue has been addressed in version 2.5.19 and all users are advised to upgrade. There are...

5.3CVSS0.00344EPSS
Exploits0References1
OSV
OSV
added 2025/02/18 6:17 p.m.3 views

CVE-2025-21608 Forged packets over MQTT can show up in direct messages in Meshtastic firmware

Meshtastic is an open source mesh networking solution. In affected firmware versions crafted packets over MQTT are able to appear as a DM in client to a node even though they were not decoded with PKC. This issue has been addressed in version 2.5.19 and all users are advised to upgrade. There are...

5.3CVSS6.7AI score0.00344EPSS
Exploits0References3
Rows per page
Query Builder