CVE-2024-41722

MEDIUM Year: 2024
CVSS v3 Score
6.5
Medium
Weakness Type
CWE-1390
View all →

Vulnerability Description

In the goTenna Pro ATAK Plugin there is a vulnerability that makes it possible to inject any custom message with any GID and Callsign using a software defined radio in existing goTenna mesh networks. This vulnerability can be exploited if the device is being used in an unencrypted environment or if the cryptography has already been compromised. It is advised to use encryption shared with local QR code for higher security operations.

Related Vulnerabilities

CVE-2023-24890

MEDIUM
CVSS:6.5(Medium)

Microsoft OneDrive for iOS Security Feature Bypass Vulnerability

CWE-13902023

CVE-2025-21552

MEDIUM
CVSS:6.5(Medium)

Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security). Supported versions that are affected are Prior to 9.2.9.2. Easily exp...

CWE-13902025

CVE-2025-26635

MEDIUM
CVSS:6.5(Medium)

Weak authentication in Windows Hello allows an authorized attacker to bypass a security feature over a network.

CWE-13902025

CVE-2025-32885

MEDIUM
CVSS:6.5(Medium)

An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The app there makes it possible to inject any custom message (into existing v1 networks) with any GID and Callsign via...

CWE-13902025

CVE-2024-45551

MEDIUM
CVSS:6.2(Medium)

Cryptographic issue occurs during PIN/password verification using Gatekeeper, where RPMB writes can be dropped on verification failure, potentially leading to a user throttling bypass.

CWE-13902024

CVE-2025-24070

HIGH
CVSS:7.0(High)

Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network.

CWE-13902025