10 matches found
CVE-2024-47121
The CVE-2024-47121 weakness in the goTenna Pro App is due to weak password requirements used to share encryption keys via the key broadcast method. If an encrypted broadcast key captured over RF is brute-forced, an attacker could decrypt past and future messages encrypted with that key. Affected ...
CVE-2024-47129
CVE-2024-47129 (goTenna) describes an Observable Response Discrepancy in the goTenna Pro App family where extra characters are not injected into broadcast frames to obfuscate payload length. This allows an observer to determine the length of the payload regardless of encryption. Supported by mult...
CVE-2024-47124
CVE-2024-47124 affects the goTenna Pro App, where callsigns in messages are not encrypted (cleartext transmission). The issue is tied to the Pro App’s handling of callsigns in encrypted operation and is addressed by updating to the current app version that uses AES-256 encryption for callsigns. P...
CVE-2024-47123
CVE-2024-47123 is tied to the goTenna Pro family where AES-CTR is used for short encrypted messages without an integrity check. The root cause is lack of message integrity protection, which makes ciphertext malleable and could compromise confidentiality/integrity of communications on affected dev...
CVE-2024-47127
CVE-2024-47127 affects goTenna Pro App (and Pro X/Pro X2 ecosystems). A vulnerability described across connected documents allows injecting arbitrary messages with any GID/Callsign into existing goTenna mesh networks via a software-defined radio, applicable when encryption is absent or cryptograp...
CVE-2024-47130
CVE-2024-47130 describes a Missing Authentication for a Critical Function in the goTenna Pro App, enabling unauthenticated attackers to remotely update the local public keys used for P2P and group messages. Connected sources indicate this affects the goTenna Pro App (Pro series) with high impact ...
CVE-2024-47122
CVE-2024-47122 describes insecure storage of encryption keys in the goTenna Pro ecosystem: encryption keys are stored on the End User Device together with a static IV, enabling decryption of all encrypted broadcast communications if the EUD is physically compromised. Affected products include goT...
CVE-2024-47125
CVE-2024-47125 affects goTenna Pro App (versions up to 1.6.1). The underlying issue is improper authentication of public keys, allowing an unauthenticated attacker to manipulate messages (attack vector: adjacent, low complexity, no user interaction). MITRE details in ICS/Red Hat/NVD entries corro...
CVE-2024-47126
CVE-2024-47126 is confirmed via connected sources as a vulnerability in the goTenna Pro ecosystem where the app does not use SecureRandom when generating passwords to share cryptographic keys. The underlying flaw is a weak PRNG in the key-sharing flow, enabling a potential brute-force attack if t...
CVE-2024-47128
The CVE-2024-47128 issue affects goTenna Pro/Pro X series apps. The root cause is that the encryption key name is broadcast unencrypted over RF, potentially exposing sensitive information. Documented impact centers on confidentiality risk to broadcasted data, with remediation guidance to share ke...