Vulnerabilities > CVE-2024-41722 - Unspecified vulnerability in Gotenna

CVSS 6.5 - MEDIUM

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

low complexity

gotenna

NVD

Published: 2024-09-26

Updated: 2024-10-17

Summary

In the goTenna Pro ATAK Plugin there is a vulnerability that makes it possible to inject any custom message with any GID and Callsign using a software defined radio in existing goTenna mesh networks. This vulnerability can be exploited if the device is being used in an unencrypted environment or if the cryptography has already been compromised. It is advised to use encryption shared with local QR code for higher security operations.

Vulnerable Configurations

Part	Description	Count
Application	Gotenna Gotenna Gotenna *	1

References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05