MEDIUM🇵🇱 Wersja polska

CVE-2024-47129

CVSS 5.3v4.0pub. 2024-09-26upd. 2024-10-17

The goTenna Pro App does not inject extra characters into broadcasted frames to obfuscate the length of messages. This makes it possible to tell the length of the payload regardless of the encryption used.

CVSS Vector
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Gotenna Pro

    APP
    Gotenna
    ≤ 1.6.1< 2.0.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-47130HIGH8.7ten sam produkt

The goTenna Pro App allows unauthenticated attackers to remotely update the local public keys used for P2P an...

CVE-2024-47125HIGH7.6ten sam produkt

The goTenna Pro App does not authenticate public keys which allows an unauthenticated attacker to manipulate ...

CVE-2024-47126HIGH7.1ten sam produkt

The goTenna Pro App does not use SecureRandom when generating passwords for sharing cryptographic keys. The r...

CVE-2024-47128MEDIUM5.3ten sam produkt

The goTenna Pro App encryption key name is always sent unencrypted when the key is shared over RF through a b...

CVE-2024-47121MEDIUM6.0ten sam produkt

The goTenna Pro App uses a weak password for sharing encryption keys via the key broadcast method. If the bro...