13 matches found
CVE-2025-24797
CVE-2025-24797 concerns Meshtastic, an open-source mesh networking solution. A fault in handling mesh packets containing invalid protobuf data can cause an attacker-controlled buffer overflow, hijacking execution flow and potentially enabling remote code execution. The root cause, as described in...
CVE-2025-52464
Meshtastic versions 2.5.0–2.6.10 expose a vulnerability where flashing procedures can duplicate public/private keys and the RNG may have low entropy, allowing an attacker to decrypt Direct Messages after collecting compromised keys. This is caused by key generation timing and insufficient randomn...
CVE-2025-21608
CVE-2025-21608 affects Meshtastic firmware; forged packets over MQTT can be shown as direct messages in a client to a node because PKC decoding failed. Root cause: packets crafted over MQTT were not decoded with PKC, enabling visibility of a DM in the client. Impact is described as partial (integ...
CVE-2025-53627
Meshtastic firmware (from version 2.5) can fall back to legacy AES-256-CTR if the pki_encrypted flag is missing, undermining PKI end-to-end direct messages. The downgrade path allows adversaries with a shared channel key to inject spoofed DMs that appear PKI-encrypted to end-user apps (Web, iOS/A...
CVE-2024-45038
Summary (CVE-2024-45038) : The vulnerability is a denial-of-service in the MQTT handling of the Meshtastic device firmware prior to version 2.4.1. The fix is in Meshtastic firmware version 2.4.1 and on the Meshtastic public MQTT Broker. Affected product: Meshtastic device firmware (pre-2.4.1). Im...
CVE-2024-51500
The CVE-2024-51500 entry affects Meshtastic firmware. Description details that the firmware does not inspect packets from the special broadcast address 0xFFFFFFFF, enabling a malicious actor to craft a broadcast-like packet that amplifies a single message into multiple messages across every node,...
CVE-2024-47079
The CVE-2024-47079 entry concerns Meshtastic firmware where the remote hardware module failed to validate incoming remote hardware control messages. Root cause: the validation checks were missing, allowing unauthorized usage of the remote hardware module. Impact: as described, potential improper ...
CVE-2024-47078
Meshtastic firmware prior to 2.5.1 contains weaknesses in the MQTT implementation that bypass authentication and authorization, allowing unauthorized control of MQTT-connected nodes. Version 2.5.1 patches the issue. Practical impact: unauthorized access/control via MQTT. Remediation: upgrade to 2...
CVE-2025-55293
Meshtastic (vulnerable before 2.6.3) allows crafting NodeInfo packets to overwrite a known node’s publicKey in NodeDB. Attack flow: first send NodeInfo with an empty publicKey to bypass size checks (clears existing key), then send a new key that gets stored. Root cause is improper handling of emp...
CVE-2025-24798
CVE-2025-24798 – Meshtastic : Affects Meshtastic Open Source firmware versions 1.2.1 through 2.6.2. A crafted packet sent to the routing module with want_response==true can crash the router, causing degradation of service for nodes within range and potentially affecting MQTT downlinks. Root cause...
CVE-2024-47065
CVE-2024-47065 affects Meshtastic before version 2.5.1, where traceroute responses from remote nodes were not rate limited. This allows rapid, repeated responses (approximately 100 samples in ~2 minutes) and can enable a 2:1 reflected DoS, with positional confidentiality concerns highlighted as a...
CVE-2025-55292
CVE-2025-55292 affects Meshtastic, where NodeIDs are derived from MAC addresses instead of public keys, enabling an attacker to forge a NodeInfo and advertise HAM mode (which lacks encryption). This allows other mesh nodes to accept the forged information, overwrite the NodeDB, and route direct m...
CVE-2025-53637
Summary: CVE-2025-53637 affects Meshtastic open-source firmware; the issue resides in the main_matrix.yml GitHub Action, where user input is interpolated unsafely in shell code. This can be triggered by a attacker who forks the repository and opens a pull request via pull_request_target, leveragi...