Every CVE whose affected-product data names Gotenna Gotenna Pro, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2024-47130 — CVSS 8.8 (high): The goTenna Pro App allows unauthenticated attackers to remotely update the local public keys used for P2P and group messages. It is…
CVE-2024-47125 — CVSS 8.1 (high): The goTenna Pro App does not authenticate public keys which allows an unauthenticated attacker to manipulate messages. It is advised to…
CVE-2024-47126 — CVSS 6.5 (medium): The goTenna Pro App does not use SecureRandom when generating passwords for sharing cryptographic keys. The random function in use makes it…
CVE-2024-47127 — CVSS 6.5 (medium): In the goTenna Pro App there is a vulnerability that makes it possible to inject any custom message with any GID and Callsign using a…
CVE-2024-47123 — CVSS 5.3 (medium): The goTenna Pro App uses AES CTR type encryption for short, encrypted messages without any additional integrity checking mechanisms. This…
CVE-2024-47121 — CVSS 5.3 (medium): The goTenna Pro App uses a weak password for sharing encryption keys via the key broadcast method. If the broadcasted encryption key is…
CVE-2024-47122 — CVSS 4.3 (medium): In the goTenna Pro App, the encryption keys are stored along with a static IV on the End User Device (EUD). This allows for complete…
CVE-2024-47128 — CVSS 4.3 (medium): The goTenna Pro App encryption key name is always sent unencrypted when the key is shared over RF through a broadcast message. It is…
CVE-2024-47129 — CVSS 4.3 (medium): The goTenna Pro App does not inject extra characters into broadcasted frames to obfuscate the length of messages. This makes it possible to…
CVE-2024-47124 — CVSS 4.3 (medium): The goTenna Pro App does not encrypt callsigns in messages. It is recommended to not use sensitive information in callsigns when using this…