CVE-2024-41722

EUVD-2024-39166
In the goTenna Pro ATAK Plugin there is a vulnerability that makes it possible to inject any custom message with any GID and Callsign into existing goTenna mesh networks using a software-defined radio. This vulnerability can be exploited if the device is being used in an unencrypted environment or if the cryptography has already been compromised. It is advised to use encryption shared via local QR code for higher security operations.
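
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|----------|------|------------|-------------|-----------------|----------------|--------|
| NIST | Primary | 6.5 MEDIUM | ADJACENT_NETWORK | LOW | NONE | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| icscert | CNA | 6.5 MEDIUM | ADJACENT_NETWORK | LOW | NONE | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
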
EPSS Score percentile: 13%

Affected Products (NVD)

| Vendor | Product | Version |
|--------|---------|---------|
| gotenna | gotenna | 𝑥 < 2.0.7 |

𝑥 = Vulnerable software versions