Meshtastic is an open source, off-grid, decentralized, mesh network. Meshtastic uses MQTT to communicate over an internet connection to a shared or private MQTT Server. Nodes can communicate directly via an internet connection or proxied through a connected phone (i.e., via bluetooth). Prior to version 2.5.1, multiple weaknesses in the MQTT implementation allow for authentication and authorization bypasses resulting in unauthorized control of MQTT-connected nodes. Version 2.5.1 contains a patch.
References
Link | Resource |
---|---|
https://github.com/meshtastic/firmware/security/advisories/GHSA-vqcq-wjwx-7252 | Third Party Advisory |
Configurations
History
01 Oct 2024, 18:29
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:meshtastic:meshtastic_firmware:*:*:*:*:*:*:*:* | |
References | () https://github.com/meshtastic/firmware/security/advisories/GHSA-vqcq-wjwx-7252 - Third Party Advisory | |
First Time |
Meshtastic
Meshtastic meshtastic Firmware |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
26 Sep 2024, 13:32
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
25 Sep 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-25 16:15
Updated : 2024-10-01 18:29
NVD link : CVE-2024-47078
Mitre link : CVE-2024-47078
CVE.ORG link : CVE-2024-47078
JSON object : View
Products Affected
meshtastic
- meshtastic_firmware