Vulnerability in goTenna Pro ATAK Plugin Allows Custom Message Injection

CVE-2024-41722

6.5MEDIUM

Key Information

Vendor: Gotenna
Status: Pro Atak Plugin
Vendor: CVE Published:; 26 September 2024

Summary

In the goTenna Pro ATAK Plugin there is a vulnerability that makes it possible to inject any custom message with any GID and Callsign using a software defined radio in existing goTenna mesh networks. This vulnerability can be exploited if the device is being used in an unencrypted environment or if the cryptography has already been compromised. It is advised to use encryption shared with local QR code for higher security operations.

Affected Version(s)

Pro ATAK Plugin <= 1.9.12

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Sep 26, 2024
Vulnerability Reserved.
Sep 24, 2024

Collectors

NVD DatabaseMitre Database

Credit

Erwin Karincic, Clayton Smith, and Dale Wooden reported this these vulnerabilities to CISA.