Vulnerabilities > Gotenna > Gotenna PRO > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-26 | CVE-2024-47121 | Weak Password Requirements vulnerability in Gotenna PRO The goTenna Pro App uses a weak password for sharing encryption keys via the key broadcast method. | 5.3 |
| 2024-09-26 | CVE-2024-47122 | Insecure Storage of Sensitive Information vulnerability in Gotenna PRO In the goTenna Pro App, the encryption keys are stored along with a static IV on the End User Device (EUD). | 6.5 |
| 2024-09-26 | CVE-2024-47124 | Cleartext Transmission of Sensitive Information vulnerability in Gotenna PRO The goTenna Pro App does not encrypt callsigns in messages. | 6.5 |
| 2024-09-26 | CVE-2024-47125 | Improper Authentication vulnerability in Gotenna PRO The goTenna Pro App does not authenticate public keys which allows an unauthenticated attacker to manipulate messages. | 5.4 |
| 2024-09-26 | CVE-2024-47128 | Unspecified vulnerability in Gotenna PRO The goTenna Pro App encryption key name is always sent unencrypted when the key is shared over RF through a broadcast message. low complexity gotenna | 4.3 |
| 2024-09-26 | CVE-2024-47129 | Information Exposure Through Discrepancy vulnerability in Gotenna PRO The goTenna Pro App does not inject extra characters into broadcasted frames to obfuscate the length of messages. | 4.3 |
| 2024-09-26 | CVE-2024-47130 | Missing Authentication for Critical Function vulnerability in Gotenna PRO The goTenna Pro App allows unauthenticated attackers to remotely update the local public keys used for P2P and group messages. | 6.5 |