CVE-2024-47128

The goTenna Pro App encryption key name is always sent unencrypted when the key is shared over RF through a broadcast message. It is advised to share the encryption key via local QR for higher security operations.
References
Link Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-04 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gotenna:gotenna_pro:*:*:*:*:*:iphone_os:*:*
cpe:2.3:a:gotenna:gotenna_pro:*:*:*:*:*:android:*:*

History

17 Oct 2024, 18:15

Type Values Removed Values Added
Summary (en) The goTenna Pro broadcast key name is always sent unencrypted and could reveal the location of operation. (en) The goTenna Pro App encryption key name is always sent unencrypted when the key is shared over RF through a broadcast message. It is advised to share the encryption key via local QR for higher security operations.

07 Oct 2024, 18:00

Type Values Removed Values Added
CPE cpe:2.3:a:gotenna:gotenna_pro:*:*:*:*:*:*:*:* cpe:2.3:a:gotenna:gotenna_pro:*:*:*:*:*:iphone_os:*:*
cpe:2.3:a:gotenna:gotenna_pro:*:*:*:*:*:android:*:*

04 Oct 2024, 19:17

Type Values Removed Values Added
CWE NVD-CWE-noinfo
References () https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-04 - () https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-04 - Third Party Advisory, US Government Resource
First Time Gotenna
Gotenna gotenna Pro
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.3
CPE cpe:2.3:a:gotenna:gotenna_pro:*:*:*:*:*:*:*:*

30 Sep 2024, 12:46

Type Values Removed Values Added
Summary
  • (es) El nombre de la clave de transmisión de goTenna Pro siempre se envía sin cifrar y podría revelar la ubicación de la operación.

26 Sep 2024, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-26 18:15

Updated : 2024-10-17 18:15


NVD link : CVE-2024-47128

Mitre link : CVE-2024-47128

CVE.ORG link : CVE-2024-47128


JSON object : View

Products Affected

gotenna

  • gotenna_pro
CWE
NVD-CWE-noinfo CWE-201

Insertion of Sensitive Information Into Sent Data