5 matches found
CVE-2024-47121
The goTenna Pro App uses a weak password for sharing encryption keys via the key broadcast method. If the broadcasted encryption key is captured over RF, and password is cracked via brute force attack, it is possible to decrypt it and use it to decrypt all future and past messages sent via encrypted br...
CVE-2024-47124
The goTenna Pro App does not encrypt callsigns in messages. It is recommended to not use sensitive information in callsigns when using this and previous versions of the app and update your app to the current app version which uses AES-256 encryption for callsigns in encrypted operation.
CVE-2024-47127
In the goTenna Pro App there is a vulnerability that makes it possible to inject any custom message with any GID and Callsign using a software defined radio in existing goTenna mesh networks. This vulnerability can be exploited if the device is being used in an unencrypted environment or if the cryptog...
CVE-2024-47123
The goTenna Pro App uses AES CTR type encryption for short, encrypted messages without any additional integrity checking mechanisms. This leaves messages malleable to an attacker that can access the message. It is recommended to continue to use encryption in the app and update to the current release fo...
CVE-2024-47122
In the goTenna Pro App, the encryption keys are stored along with a static IV on the End User Device (EUD). This allows for complete decryption of keys stored on the EUD if physically compromised. This allows an attacker to decrypt all encrypted broadcast communications based on encryption keys stored ...