CVE-2024-41722

In the goTenna Pro ATAK Plugin there is a vulnerability that makes it 
possible to inject any custom message with any GID and Callsign using a 
software defined radio in existing goTenna mesh networks. This 
vulnerability can be exploited if the device is being used in an 
unencrypted environment or if the cryptography has already been 
compromised. It is advised to use encryption shared with local QR code 
for higher security operations.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
icscertCNA
6.5 MEDIUM
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
VendorProductVersion
gotennagotenna
𝑥
< 2.0.7
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05