Remote Hardware Control Oversight in Meshtastic Firmware by Meshtastic
CVE-2024-47079

Currently unrated

Key Information:

Vendor: Meshtastic
Status: Meshtastic Firmware
Vendor: CVE Published:; 7 October 2024

What is CVE-2024-47079?

The Meshtastic firmware, designed for open-source, off-grid mesh networking, contains a flaw whereby remote hardware control messages are not adequately validated for authenticity. This oversight can potentially allow unauthorized message processing, leading to trust issues within the network. Users are highly encouraged to update to version 2.5.1 or later, as no alternative workarounds exist to mitigate this vulnerability.

References

https://github.com/meshtastic/firmware/security/advisorie...

Timeline

Vulnerability published
Oct 7, 2024