Gotenna Pro
10 CVEs affecting Gotenna Pro. Latest disclosed: 2024-09-26. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-47130 | High | 8.8 | 2024-09-26 | The goTenna Pro App allows unauthenticated attackers to remotely update the local public keys used for P2P and group messages. It is advised to update your a… |
CVE-2024-47125 | High | 8.1 | 2024-09-26 | The goTenna Pro App does not authenticate public keys which allows an unauthenticated attacker to manipulate messages. It is advised to update your app to th… |
CVE-2024-47127 | Medium | 6.5 | 2024-09-26 | In the goTenna Pro App there is a vulnerability that makes it possible to inject any custom message with any GID and Callsign using a software defined radio… |
CVE-2024-47126 | Medium | 6.5 | 2024-09-26 | The goTenna Pro App does not use SecureRandom when generating passwords for sharing cryptographic keys. The random function in use makes it easier for attack… |
CVE-2024-47123 | Medium | 5.3 | 2024-09-26 | The goTenna Pro App uses AES CTR type encryption for short, encrypted messages without any additional integrity checking mechanisms. This leaves messages mal… |
CVE-2024-47121 | Medium | 5.3 | 2024-09-26 | The goTenna Pro App uses a weak password for sharing encryption keys via the key broadcast method. If the broadcasted encryption key is captured over RF, and… |
CVE-2024-47129 | Medium | 4.3 | 2024-09-26 | The goTenna Pro App does not inject extra characters into broadcasted frames to obfuscate the length of messages. This makes it possible to tell the length o… |
CVE-2024-47128 | Medium | 4.3 | 2024-09-26 | The goTenna Pro App encryption key name is always sent unencrypted when the key is shared over RF through a broadcast message. It is advised to share the enc… |
CVE-2024-47124 | Medium | 4.3 | 2024-09-26 | The goTenna Pro App does not encrypt callsigns in messages. It is recommended to not use sensitive information in callsigns when using this and previous vers… |
CVE-2024-47122 | Medium | 4.3 | 2024-09-26 | In the goTenna Pro App, the encryption keys are stored along with a static IV on the End User Device (EUD). This allows for complete decryption of keys store… |