Description
In the goTenna Pro ATAK Plugin application, the encryption keys are stored along with a static IV on the device. This allows for complete decryption of keys stored on the device. This allows an attacker to decrypt all encrypted broadcast communications based on broadcast keys stored on the device.
References (1)
Core 1
Core References
Third Party Advisory, US Government Resource government-resource
https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05
Scores
CVSS v3
4.3
EPSS
0.0013
EPSS Percentile
3.1%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-922
Status
published
Products (1)
gotenna/atak_plugin
< 2.0.7
Published
Sep 26, 2024
Tracked Since
Feb 18, 2026