Mesh Firmware Security Vulnerabilities and Issues — Mesh Firmware CVE List

Lucene search

GotennaMesh Firmware

5 matches found

CVE•added 2025/05/01 6:15 p.m.•40 views

CVE-2025-32890

An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. It uses a custom implementation of encryption without any additional integrity checking mechanisms. This leaves messages malleable to an attacker that can access the message.

6.5CVSS7.1AI score0.0001EPSS

CVE•added 2025/05/01 6:15 p.m.•38 views

CVE-2025-32884

An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. By default, a GID is the user's phone number unless they specifically opt out. A phone number is very sensitive information because it can be tied back to individuals. The app does not encrypt the GID in messages.

6.5CVSS4.6AI score0.00015EPSS

CVE•added 2025/05/01 6:15 p.m.•37 views

CVE-2025-32881

An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. By default, the GID is the user's phone number unless they specifically opt out. A phone number is very sensitive information because it can be tied back to individuals. The app does not encrypt the GID in messages.

6.5CVSS6.7AI score0.00015EPSS

CVE•added 2025/05/01 6:15 p.m.•37 views

CVE-2025-32882

An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The app uses a custom implementation of encryption without any additional integrity checking mechanisms. This leaves messages malleable to an attacker that can access the message.

6.5CVSS7.1AI score0.00008EPSS

CVE•added 2025/05/01 6:15 p.m.•35 views

CVE-2025-32885

An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The app there makes it possible to inject any custom message (into existing v1 networks) with any GID and Callsign via a software defined radio. This can be exploited if the device is being used in an unencrypted envi...

6.5CVSS6.9AI score0.0005EPSS