CVE-2024-47125

HIGH

goTenna Pro App - Info Disclosure

Title source: llm

Description

The goTenna Pro App does not authenticate public keys which allows an unauthenticated attacker to manipulate messages. It is advised to update your app to the current release for enhanced encryption protocols.

References (1)

[Third Party Advisory, US Government Resource] https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-04

Scores

CVSS v3 8.1

EPSS 0.0009

EPSS Percentile 25.9%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Classification

CWE

CWE-287 CWE-923

Status published

Affected Products (2)

gotenna/gotenna_pro < 1.6.1

gotenna/gotenna_pro < 2.0.3

Timeline

Published Sep 26, 2024

Tracked Since Feb 18, 2026