|
319901
|
6.5 |
MEDIUM
Adjacent
|
gotenna
|
gotenna_pro
|
The goTenna Pro App allows unauthenticated attackers to remotely update
the local public keys used for P2P and group messages. It is advised to
update your app to the current release for enhanced e…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2024-47130
|
2024-10-18 03:15 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319902
|
4.3 |
MEDIUM
Adjacent
|
gotenna
|
gotenna_pro
|
The goTenna Pro App does not inject extra characters into broadcasted
frames to obfuscate the length of messages. This makes it possible to
tell the length of the payload regardless of the encrypti…
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2024-47129
|
2024-10-18 03:15 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319903
|
4.3 |
MEDIUM
Adjacent
|
gotenna
|
gotenna_pro
|
The goTenna Pro App encryption key name is always sent unencrypted when
the key is shared over RF through a broadcast message. It is advised to
share the encryption key via local QR for higher secu…
|
NVD-CWE-noinfo
|
CVE-2024-47128
|
2024-10-18 03:15 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319904
|
3.1 |
LOW
Adjacent
|
gotenna
|
gotenna_pro
|
In the goTenna Pro App there is a vulnerability that makes it possible
to inject any custom message with any GID and Callsign using a software
defined radio in existing goTenna mesh networks. This …
|
CWE-287
Improper Authentication
|
CVE-2024-47127
|
2024-10-18 03:15 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319905
|
8.8 |
HIGH
Adjacent
|
gotenna
|
gotenna_pro
|
The goTenna Pro App does not use SecureRandom when generating passwords
for sharing cryptographic keys. The random function in use makes it
easier for attackers to brute force this password if the …
|
CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
|
CVE-2024-47126
|
2024-10-18 03:15 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319906
|
5.4 |
MEDIUM
Adjacent
|
gotenna
|
gotenna_pro
|
The goTenna Pro App does not authenticate public keys which allows an
unauthenticated attacker to manipulate messages. It is advised to update
your app to the current release for enhanced encryptio…
|
CWE-287
Improper Authentication
|
CVE-2024-47125
|
2024-10-18 03:15 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319907
|
6.5 |
MEDIUM
Adjacent
|
gotenna
|
gotenna_pro
|
The goTenna Pro App does not encrypt callsigns in messages. It is
recommended to not use sensitive information in callsigns when using
this and previous versions of the app and update your app to t…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2024-47124
|
2024-10-18 03:15 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319908
|
6.5 |
MEDIUM
Adjacent
|
gotenna
|
gotenna_pro
|
In the goTenna Pro App, the encryption keys are stored along with a
static IV on the End User Device (EUD). This allows for complete
decryption of keys stored on the EUD if physically compromised. …
|
CWE-922
Insecure Storage of Sensitive Information
|
CVE-2024-47122
|
2024-10-18 03:15 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319909
|
4.3 |
MEDIUM
Adjacent
|
gotenna
|
gotenna
|
The goTenna Pro ATAK Plugin's default settings are to share Automatic
Position, Location, and Information (PLI) updates every 60 seconds once
the plugin is active and goTenna is connected. Users th…
|
NVD-CWE-Other
|
CVE-2024-43814
|
2024-10-18 03:15 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319910
|
5.4 |
MEDIUM
Network
|
cacti
|
cacti
|
Cacti is an open source performance and fault management framework. The `fileurl` parameter is not properly sanitized when saving external links in `links.php` . Morever, the said fileurl is placed i…
|
CWE-79
Cross-site Scripting
|
CVE-2024-43362
|
2024-10-18 03:14 |
2024-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
