Lucene search

Gotenna, Gotenna Pro

10 matches found

CVE
added 2024/09/26 6:15 p.m. | 43 views

CVE-2024-47129

The goTenna Pro App does not inject extra characters into broadcasted frames to obfuscate the length of messages. This makes it possible to tell the length of the payload regardless of the encryption used.

CVSS 5.3 | AI score 5 | EPSS 0.00031
CVE
added 2024/09/26 6:15 p.m. | 42 views

CVE-2024-47121

The goTenna Pro App uses a weak password for sharing encryption keys via the key broadcast method. If the broadcasted encryption key is captured over RF, and password is cracked via brute force attack, it is possible to decrypt it and use it to decrypt all future and past messages sent via encrypted br...

CVSS 6 | AI score 5.8 | EPSS 0.00023
CVE
added 2024/09/26 6:15 p.m. | 40 views

CVE-2024-47124

The goTenna Pro App does not encrypt callsigns in messages. It is recommended to not use sensitive information in callsigns when using this and previous versions of the app and update your app to the current app version which uses AES-256 encryption for callsigns in encrypted operation.

CVSS 6.5 | AI score 5.2 | EPSS 0.00017
CVE
added 2024/09/26 6:15 p.m. | 38 views

CVE-2024-47127

In the goTenna Pro App there is a vulnerability that makes it possible to inject any custom message with any GID and Callsign using a software defined radio in existing goTenna mesh networks. This vulnerability can be exploited if the device is being used in an unencrypted environment or if the cryptog...

CVSS 6.5 | AI score 5.4 | EPSS 0.00023
CVE
added 2024/09/26 6:15 p.m. | 37 views

CVE-2024-47123

The goTenna Pro App uses AES CTR type encryption for short, encrypted messages without any additional integrity checking mechanisms. This leaves messages malleable to an attacker that can access the message. It is recommended to continue to use encryption in the app and update to the current release fo...

CVSS 6 | AI score 5 | EPSS 0.00012
CVE
added 2024/09/26 6:15 p.m. | 37 views

CVE-2024-47130

The goTenna Pro App allows unauthenticated attackers to remotely update the local public keys used for P2P and group messages. It is advised to update your app to the current release for enhanced encryption protocols.

CVSS 8.8 | AI score 7.6 | EPSS 0.00057
CVE
added 2024/09/26 6:15 p.m. | 36 views

CVE-2024-47125

The goTenna Pro App does not authenticate public keys which allows an unauthenticated attacker to manipulate messages. It is advised to update your app to the current release for enhanced encryption protocols.

CVSS 8.1 | AI score 6.7 | EPSS 0.00038
CVE
added 2024/09/26 6:15 p.m. | 35 views

CVE-2024-47122

In the goTenna Pro App, the encryption keys are stored along with a static IV on the End User Device (EUD). This allows for complete decryption of keys stored on the EUD if physically compromised. This allows an attacker to decrypt all encrypted broadcast communications based on encryption keys stored ...

CVSS 6.5 | AI score 5.3 | EPSS 0.0003
CVE
added 2024/09/26 6:15 p.m. | 34 views

CVE-2024-47128

The goTenna Pro App encryption key name is always sent unencrypted when the key is shared over RF through a broadcast message. It is advised to share the encryption key via local QR for higher security operations.

CVSS 5.3 | AI score 5 | EPSS 0.00027
CVE
added 2024/09/26 6:15 p.m. | 33 views

CVE-2024-47126

The goTenna Pro App does not use SecureRandom when generating passwords for sharing cryptographic keys. The random function in use makes it easier for attackers to brute force this password if the broadcasted encryption key is captured over RF. This only applies to the optional broadcast of an encrypti...

CVSS 8.8 | AI score 7.2 | EPSS 0.00035