Vulnerabilities > Gotenna
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-26 | CVE-2024-47122 | Insecure Storage of Sensitive Information vulnerability in Gotenna PRO In the goTenna Pro App, the encryption keys are stored along with a static IV on the End User Device (EUD). | 6.5 |
| 2024-09-26 | CVE-2024-47123 | Insufficient Verification of Data Authenticity vulnerability in Gotenna PRO The goTenna Pro App uses AES CTR type encryption for short, encrypted messages without any additional integrity checking mechanisms. | 3.1 |
| 2024-09-26 | CVE-2024-47124 | Cleartext Transmission of Sensitive Information vulnerability in Gotenna PRO The goTenna Pro App does not encrypt callsigns in messages. | 6.5 |
| 2024-09-26 | CVE-2024-47125 | Improper Authentication vulnerability in Gotenna PRO The goTenna Pro App does not authenticate public keys which allows an unauthenticated attacker to manipulate messages. | 5.4 |
| 2024-09-26 | CVE-2024-47126 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Gotenna PRO The goTenna Pro App does not use SecureRandom when generating passwords for sharing cryptographic keys. | 8.8 |
| 2024-09-26 | CVE-2024-47127 | Improper Authentication vulnerability in Gotenna PRO In the goTenna Pro App there is a vulnerability that makes it possible to inject any custom message with any GID and Callsign using a software defined radio in existing goTenna mesh networks. | 3.1 |
| 2024-09-26 | CVE-2024-47128 | Unspecified vulnerability in Gotenna PRO The goTenna Pro App encryption key name is always sent unencrypted when the key is shared over RF through a broadcast message. low complexity gotenna | 4.3 |
| 2024-09-26 | CVE-2024-47129 | Information Exposure Through Discrepancy vulnerability in Gotenna PRO The goTenna Pro App does not inject extra characters into broadcasted frames to obfuscate the length of messages. | 4.3 |
| 2024-09-26 | CVE-2024-47130 | Missing Authentication for Critical Function vulnerability in Gotenna PRO The goTenna Pro App allows unauthenticated attackers to remotely update the local public keys used for P2P and group messages. | 6.5 |