CVE-2024-41931

The goTenna Pro ATAK Plugin encryption key name is always sent unencrypted when the key is sent over RF through a broadcast message. It is advised to share the encryption key via local QR for higher security operations.
References
Link Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

cpe:2.3:a:gotenna:gotenna:*:*:*:*:*:atak:*:*

History

17 Oct 2024, 17:15

Type Values Removed Values Added
Summary (en) The goTenna Pro ATAK Plugin broadcast key name is always sent unencrypted and could reveal the location of operation. (en) The goTenna Pro ATAK Plugin encryption key name is always sent unencrypted when the key is sent over RF through a broadcast message. It is advised to share the encryption key via local QR for higher security operations.

07 Oct 2024, 18:50

Type Values Removed Values Added
First Time Gotenna
Gotenna gotenna
References () https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05 - () https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05 - Third Party Advisory, US Government Resource
CWE NVD-CWE-Other
CPE cpe:2.3:a:gotenna:gotenna:*:*:*:*:*:atak:*:*

30 Sep 2024, 12:46

Type Values Removed Values Added
Summary
  • (es) El nombre de la clave de transmisión del complemento goTenna Pro ATAK siempre se envía sin cifrar y podría revelar la ubicación de la operación.

26 Sep 2024, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-26 18:15

Updated : 2024-10-17 17:15


NVD link : CVE-2024-41931

Mitre link : CVE-2024-41931

CVE.ORG link : CVE-2024-41931


JSON object : View

Products Affected

gotenna

  • gotenna
CWE
NVD-CWE-Other CWE-201

Insertion of Sensitive Information Into Sent Data