Lucene search
K

113 matches found

CVE
CVE
added 2025/02/18 6:17 p.m.81 views

CVE-2025-21608

CVE-2025-21608 affects Meshtastic firmware; forged packets over MQTT can be shown as direct messages in a client to a node because PKC decoding failed. Root cause: packets crafted over MQTT were not decoded with PKC, enabling visibility of a DM in the client. Impact is described as partial (integ...

5.3CVSS6.9AI score0.00344EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/02/18 6:17 p.m.3 views

CVE-2025-21608 Forged packets over MQTT can show up in direct messages in Meshtastic firmware

Meshtastic is an open source mesh networking solution. In affected firmware versions crafted packets over MQTT are able to appear as a DM in client to a node even though they were not decoded with PKC. This issue has been addressed in version 2.5.19 and all users are advised to upgrade. There are...

5.3CVSS6.7AI score0.00344EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/02/18 6:17 p.m.9 views

CVE-2025-21608 Forged packets over MQTT can show up in direct messages in Meshtastic firmware

Meshtastic is an open source mesh networking solution. In affected firmware versions crafted packets over MQTT are able to appear as a DM in client to a node even though they were not decoded with PKC. This issue has been addressed in version 2.5.19 and all users are advised to upgrade. There are...

5.3CVSS6.5AI score0.00344EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/02/18 12:0 a.m.5 views

Meshtastic device firmware 安全漏洞

Meshtastic device firmware is a Meshtastic open source firmware for Meshtastic devices running open source, off-grid, decentralized mesh networks. A security vulnerability exists in Meshtastic device firmware that stems from not properly validating MQTT packets. An attacker exploiting this...

5.3CVSS6.5AI score0.00344EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/05 8:21 a.m.7 views

CVE-2024-47078

Meshtastic is an open source, off-grid, decentralized, mesh network. Meshtastic uses MQTT to communicate over an internet connection to a shared or private MQTT Server. Nodes can communicate directly via an internet connection or proxied through a connected phone i.e., via bluetooth. Prior to...

9.8CVSS7.1AI score0.00464EPSS
Exploits0References1
NVD
NVD
added 2024/11/04 11:15 p.m.15 views

CVE-2024-51500

Meshtastic firmware is a device firmware for the Meshtastic project. The Meshtastic firmware does not check for packets claiming to be from the special broadcast address 0xFFFFFFFF which could result in unexpected behavior and potential for DDoS attacks on the network. A malicious actor could cra...

7.5CVSS0.00401EPSS
Exploits0References1
OSV
OSV
added 2024/11/04 11:0 p.m.7 views

CVE-2024-51500 Failure to check for packets from the broadcast address allows potential DDoS amplification attack in Meshtastic firmware

Meshtastic firmware is a device firmware for the Meshtastic project. The Meshtastic firmware does not check for packets claiming to be from the special broadcast address 0xFFFFFFFF which could result in unexpected behavior and potential for DDoS attacks on the network. A malicious actor could cra...

5.3CVSS6.8AI score0.00401EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/11/04 11:0 p.m.13 views

CVE-2024-51500 Failure to check for packets from the broadcast address allows potential DDoS amplification attack in Meshtastic firmware

Meshtastic firmware is a device firmware for the Meshtastic project. The Meshtastic firmware does not check for packets claiming to be from the special broadcast address 0xFFFFFFFF which could result in unexpected behavior and potential for DDoS attacks on the network. A malicious actor could cra...

5.3CVSS6.9AI score0.00401EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/04 11:0 p.m.20 views

CVE-2024-51500 Failure to check for packets from the broadcast address allows potential DDoS amplification attack in Meshtastic firmware

Meshtastic firmware is a device firmware for the Meshtastic project. The Meshtastic firmware does not check for packets claiming to be from the special broadcast address 0xFFFFFFFF which could result in unexpected behavior and potential for DDoS attacks on the network. A malicious actor could cra...

5.3CVSS0.00401EPSS
Exploits0References1
CVE
CVE
added 2024/11/04 11:0 p.m.57 views

CVE-2024-51500

The CVE-2024-51500 entry affects Meshtastic firmware. Description details that the firmware does not inspect packets from the special broadcast address 0xFFFFFFFF, enabling a malicious actor to craft a broadcast-like packet that amplifies a single message into multiple messages across every node,...

7.5CVSS5.2AI score0.00401EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/11/04 12:0 a.m.9 views

Meshtastic device firmware 安全漏洞

Meshtastic device firmware is a Meshtastic open source firmware for Meshtastic devices running open source, off-grid, decentralized mesh networks. A security vulnerability exists in Meshtastic device firmware prior to version 2.5.6 that stems from the fact that Meshtastic firmware does not inspec...

7.5CVSS6.5AI score0.00401EPSS
Exploits0References1
NVD
NVD
added 2024/10/07 8:15 p.m.30 views

CVE-2024-47079

Meshtastic is an open source, off-grid, decentralized, mesh network built to run on affordable, low-power devices. Meshtastic firmware is an open source firmware implementation for the broader project. The remote hardware module of the firmware does not have proper checks to ensure a remote...

6.4CVSS0.00186EPSS
Exploits0References1
OSV
OSV
added 2024/10/07 8:15 p.m.41 views

UBUNTU-CVE-2024-47079

Meshtastic is an open source, off-grid, decentralized, mesh network built to run on affordable, low-power devices. Meshtastic firmware is an open source firmware implementation for the broader project. The remote hardware module of the firmware does not have proper checks to ensure a remote...

6.4CVSS5.8AI score0.00186EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/10/07 7:55 p.m.19 views

CVE-2024-47079 Unauthorized usage of remote hardware module because of missing channel verification

Meshtastic is an open source, off-grid, decentralized, mesh network built to run on affordable, low-power devices. Meshtastic firmware is an open source firmware implementation for the broader project. The remote hardware module of the firmware does not have proper checks to ensure a remote...

6.4CVSS7.2AI score0.00186EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/10/07 7:55 p.m.35 views

CVE-2024-47079 Unauthorized usage of remote hardware module because of missing channel verification

Meshtastic is an open source, off-grid, decentralized, mesh network built to run on affordable, low-power devices. Meshtastic firmware is an open source firmware implementation for the broader project. The remote hardware module of the firmware does not have proper checks to ensure a remote...

6.4CVSS0.00186EPSS
Exploits0References1
CVE
CVE
added 2024/10/07 7:55 p.m.53 views

CVE-2024-47079

The CVE-2024-47079 entry concerns Meshtastic firmware where the remote hardware module failed to validate incoming remote hardware control messages. Root cause: the validation checks were missing, allowing unauthorized usage of the remote hardware module. Impact: as described, potential improper ...

6.4CVSS6.4AI score0.00186EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/10/07 7:55 p.m.8 views

CVE-2024-47079 Unauthorized usage of remote hardware module because of missing channel verification

Meshtastic is an open source, off-grid, decentralized, mesh network built to run on affordable, low-power devices. Meshtastic firmware is an open source firmware implementation for the broader project. The remote hardware module of the firmware does not have proper checks to ensure a remote...

6.4CVSS6.8AI score0.00186EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/10/07 12:0 a.m.5 views

Meshtastic device firmware 数据伪造问题漏洞

Meshtastic device firmware is a Meshtastic open source firmware for Meshtastic devices running open source, off-grid, decentralized mesh networks. A data forgery vulnerability exists in Meshtastic versions prior to 2.5.1, which stems from the remote hardware module not checking if a received remo...

6.4CVSS6.6AI score0.00186EPSS
Exploits0References2
NVD
NVD
added 2024/09/25 4:15 p.m.14 views

CVE-2024-47078

Meshtastic is an open source, off-grid, decentralized, mesh network. Meshtastic uses MQTT to communicate over an internet connection to a shared or private MQTT Server. Nodes can communicate directly via an internet connection or proxied through a connected phone i.e., via bluetooth. Prior to...

9.8CVSS0.00464EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2024/09/25 4:15 p.m.16 views

CVE-2024-47078

Meshtastic is an open source, off-grid, decentralized, mesh network. Meshtastic uses MQTT to communicate over an internet connection to a shared or private MQTT Server. Nodes can communicate directly via an internet connection or proxied through a connected phone i.e., via bluetooth. Prior to...

9.8CVSS5.9AI score0.00464EPSS
Exploits0References2
Rows per page
Query Builder