Lucene search
+L
GotennaGotenna Pro

10 matches found

CVE
CVE
added 2024/09/26 5:18 p.m.61 views

CVE-2024-47121

The CVE-2024-47121 weakness in the goTenna Pro App is due to weak password requirements used to share encryption keys via the key broadcast method. If an encrypted broadcast key captured over RF is brute-forced, an attacker could decrypt past and future messages encrypted with that key. Affected ...

6CVSS5.8AI score0.00117EPSS
CVE
CVE
added 2024/09/26 5:30 p.m.59 views

CVE-2024-47129

CVE-2024-47129 (goTenna) describes an Observable Response Discrepancy in the goTenna Pro App family where extra characters are not injected into broadcast frames to obfuscate payload length. This allows an observer to determine the length of the payload regardless of encryption. Supported by mult...

5.3CVSS5AI score0.00135EPSS
CVE
CVE
added 2024/09/26 5:21 p.m.57 views

CVE-2024-47124

CVE-2024-47124 affects the goTenna Pro App, where callsigns in messages are not encrypted (cleartext transmission). The issue is tied to the Pro App’s handling of callsigns in encrypted operation and is addressed by updating to the current app version that uses AES-256 encryption for callsigns. P...

6.5CVSS5.2AI score0.00095EPSS
CVE
CVE
added 2024/09/26 5:20 p.m.56 views

CVE-2024-47123

CVE-2024-47123 is tied to the goTenna Pro family where AES-CTR is used for short encrypted messages without an integrity check. The root cause is lack of message integrity protection, which makes ciphertext malleable and could compromise confidentiality/integrity of communications on affected dev...

6CVSS5AI score0.00085EPSS
CVE
CVE
added 2024/09/26 5:27 p.m.56 views

CVE-2024-47127

CVE-2024-47127 affects goTenna Pro App (and Pro X/Pro X2 ecosystems). A vulnerability described across connected documents allows injecting arbitrary messages with any GID/Callsign into existing goTenna mesh networks via a software-defined radio, applicable when encryption is absent or cryptograp...

6.5CVSS5.4AI score0.00114EPSS
CVE
CVE
added 2024/09/26 5:30 p.m.55 views

CVE-2024-47130

CVE-2024-47130 describes a Missing Authentication for a Critical Function in the goTenna Pro App, enabling unauthenticated attackers to remotely update the local public keys used for P2P and group messages. Connected sources indicate this affects the goTenna Pro App (Pro series) with high impact ...

8.8CVSS7.6AI score0.00216EPSS
CVE
CVE
added 2024/09/26 5:19 p.m.53 views

CVE-2024-47122

CVE-2024-47122 describes insecure storage of encryption keys in the goTenna Pro ecosystem: encryption keys are stored on the End User Device together with a static IV, enabling decryption of all encrypted broadcast communications if the EUD is physically compromised. Affected products include goT...

6.5CVSS5.3AI score0.00138EPSS
CVE
CVE
added 2024/09/26 5:24 p.m.53 views

CVE-2024-47125

CVE-2024-47125 affects goTenna Pro App (versions up to 1.6.1). The underlying issue is improper authentication of public keys, allowing an unauthenticated attacker to manipulate messages (attack vector: adjacent, low complexity, no user interaction). MITRE details in ICS/Red Hat/NVD entries corro...

8.1CVSS6.7AI score0.00142EPSS
CVE
CVE
added 2024/09/26 5:26 p.m.52 views

CVE-2024-47126

CVE-2024-47126 is confirmed via connected sources as a vulnerability in the goTenna Pro ecosystem where the app does not use SecureRandom when generating passwords to share cryptographic keys. The underlying flaw is a weak PRNG in the key-sharing flow, enabling a potential brute-force attack if t...

8.8CVSS7.2AI score0.00238EPSS
CVE
CVE
added 2024/09/26 5:28 p.m.50 views

CVE-2024-47128

The CVE-2024-47128 issue affects goTenna Pro/Pro X series apps. The root cause is that the encryption key name is broadcast unencrypted over RF, potentially exposing sensitive information. Documented impact centers on confidentiality risk to broadcasted data, with remediation guidance to share ke...

5.3CVSS5AI score0.00131EPSS