HIGH🇵🇱 Wersja polska

CVE-2024-47078

CVSS 8.1v3.1pub. 2024-09-25upd. 2024-12-02

Meshtastic is an open source, off-grid, decentralized, mesh network. Meshtastic uses MQTT to communicate over an internet connection to a shared or private MQTT Server. Nodes can communicate directly via an internet connection or proxied through a connected phone (i.e., via bluetooth). Prior to version 2.5.1, multiple weaknesses in the MQTT implementation allow for authentication and authorization bypasses resulting in unauthorized control of MQTT-connected nodes. Version 2.5.1 contains a patch.

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Meshtastic Firmware

    OS
    Meshtastic
    < 2.5.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2025-55293CRITICAL9.4PL ✓ten sam produkt

Meshtastic Firmware: pominięcie uwierzytelnienia przez podmianę klucza publicznego

CVE-2025-52464CRITICAL9.5PL ✓ten sam produkt

Meshtastic Firmware: słaba entropia i duplikacja kluczy kryptograficznych

CVE-2025-24797CRITICAL9.4PL ✓ten sam produkt

RCE przez buffer overflow w obsłudze pakietów protobuf w Meshtastic Firmware

CVE-2025-55292HIGH8.2ten sam produkt

Meshtastic is an open source mesh networking solution. In the current Meshtastic architecture, a Node is ident...

CVE-2024-45038HIGH7.5ten sam produkt

Meshtastic device firmware is a firmware for meshtastic devices to run an open source, off-grid, decentralized...