CVE-2024-47079

MEDIUM

Meshtastic <2.5.1 - RCE

Title source: llm

Description

Meshtastic is an open source, off-grid, decentralized, mesh network built to run on affordable, low-power devices. Meshtastic firmware is an open source firmware implementation for the broader project. The remote hardware module of the firmware does not have proper checks to ensure a remote hardware control message was received should be considered valid. This issue has been addressed in release version 2.5.1. All users are advised to upgrade. There are no known workarounds for this vulnerability.

References (1)

[Vendor Advisory] https://github.com/meshtastic/firmware/security/advisories/GHSA-h8mh-p4r3-4jv7

Scores

CVSS v3 6.4

EPSS 0.0031

EPSS Percentile 54.3%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-345

Status published

Products (1)

meshtastic/meshtastic_firmware < 2.5.1

Published Oct 07, 2024

Tracked Since Feb 18, 2026