6.5

CVE-2025-32882

An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The app uses a custom implementation of encryption without any additional integrity checking mechanisms. This leaves messages malleable to an attacker that can access the message.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GotennaMesh Firmware Version0.25.5
   GotennaMesh Version-
GotennaGotenna Version5.5.3 SwPlatform-
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.08% 0.003
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
cve@mitre.org 5.3 1.6 3.6
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CWE-353 Missing Support for Integrity Check

The product uses a transmission protocol that does not include a mechanism for verifying the integrity of the data during transmission, such as a checksum.

https://gotenna.com
Product
https://github.com/Dollarhyde/goTenna_v1_and_Mesh_vulnerabilities
Third Party Advisory