Local Access Vulnerability in goTenna v1 Devices by goTenna
CVE-2025-32886

4MEDIUM

Key Information:

Vendor: goTenna
Status: goTenna v1
Vendor: CVE Published:; 1 May 2025

What is CVE-2025-32886?

A local access vulnerability exists in goTenna v1 devices that permits unauthorized users to intercept and access sensitive data. This issue arises from the fact that all packets transmitted over RF are also sent over UART with USB Shell. Consequently, an individual with physical access to the device can exploit this flaw to gain insights into the communication protocol and compromise the confidentiality of transmitted information. Proper security measures and access controls are essential to mitigate such risks.

References

https://gotenna.com

https://github.com/Dollarhyde/goTenna_v1_and_Mesh_vulnera...

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 1, 2025
Vulnerability Reserved
Apr 11, 2025