Vulnerabilities > Gotenna

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|
| 2024-09-26 | CVE-2024-47122 | Insecure Storage of Sensitive Information vulnerability in Gotenna PRO | In the goTenna Pro App, the encryption keys are stored along with a static IV on the End User Device (EUD). | low complexity | gotenna | CWE-922 | 6.5 |
| 2024-09-26 | CVE-2024-47123 | Insufficient Verification of Data Authenticity vulnerability in Gotenna PRO | The goTenna Pro App uses AES CTR type encryption for short, encrypted messages without any additional integrity checking mechanisms. | high complexity | gotenna | CWE-345 | 3.1 |
| 2024-09-26 | CVE-2024-47124 | Cleartext Transmission of Sensitive Information vulnerability in Gotenna PRO | The goTenna Pro App does not encrypt callsigns in messages. | low complexity | gotenna | CWE-319 | 6.5 |
| 2024-09-26 | CVE-2024-47125 | Improper Authentication vulnerability in Gotenna PRO | The goTenna Pro App does not authenticate public keys, which allows an unauthenticated attacker to manipulate messages. | low complexity | gotenna | CWE-287 | 5.4 |
| 2024-09-26 | CVE-2024-47126 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Gotenna PRO | The goTenna Pro App does not use SecureRandom when generating passwords for sharing cryptographic keys. | low complexity | gotenna | CWE-338 | 8.8 |
| 2024-09-26 | CVE-2024-47127 | Improper Authentication vulnerability in Gotenna PRO | In the goTenna Pro App, there is a vulnerability that makes it possible to inject any custom message with any GID and Callsign using a software-defined radio in existing goTenna mesh networks. | high complexity | gotenna | CWE-287 | 3.1 |
| 2024-09-26 | CVE-2024-47128 | Unspecified vulnerability in Gotenna PRO | The goTenna Pro App encryption key name is always sent unencrypted when the key is shared over RF through a broadcast message. | low complexity | gotenna | | 4.3 |
| 2024-09-26 | CVE-2024-47129 | Information Exposure Through Discrepancy vulnerability in Gotenna PRO | The goTenna Pro App does not inject extra characters into broadcasted frames to obfuscate the length of messages. | low complexity | gotenna | CWE-203 | 4.3 |
| 2024-09-26 | CVE-2024-47130 | Missing Authentication for Critical Function vulnerability in Gotenna PRO | The goTenna Pro App allows unauthenticated attackers to remotely update the local public keys used for P2P and group messages. | low complexity | gotenna | CWE-306 | 6.5 |