Meshtastic is an open source, off-grid, decentralized, mesh network. Meshtastic uses MQTT to communicate over an internet connection to a shared or private MQTT Server. Nodes can communicate directly via an internet connection or proxied through a connected phone (i.e., via bluetooth). Prior to version 2.5.1, multiple weaknesses in the MQTT implementation allow for authentication and authorization bypasses resulting in unauthorized control of MQTT-connected nodes. Version 2.5.1 contains a patch.
Metrics
Affected Vendors & Products
References
History
Mon, 02 Dec 2024 19:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:o:meshtastic:meshtastic_firmware:*:*:*:*:*:*:*:* |
Tue, 01 Oct 2024 18:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Meshtastic meshtastic Firmware
|
|
CPEs | cpe:2.3:a:meshtastic:meshtastic_firmware:*:*:*:*:*:*:*:* | |
Vendors & Products |
Meshtastic meshtastic Firmware
|
Wed, 25 Sep 2024 16:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Meshtastic
Meshtastic firmware |
|
CPEs | cpe:2.3:a:meshtastic:firmware:*:*:*:*:*:*:*:* | |
Vendors & Products |
Meshtastic
Meshtastic firmware |
|
Metrics |
ssvc
|
Wed, 25 Sep 2024 15:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Meshtastic is an open source, off-grid, decentralized, mesh network. Meshtastic uses MQTT to communicate over an internet connection to a shared or private MQTT Server. Nodes can communicate directly via an internet connection or proxied through a connected phone (i.e., via bluetooth). Prior to version 2.5.1, multiple weaknesses in the MQTT implementation allow for authentication and authorization bypasses resulting in unauthorized control of MQTT-connected nodes. Version 2.5.1 contains a patch. | |
Title | Meshtastic firmware Authentication/Authorization Bypass via MQTT | |
Weaknesses | CWE-287 CWE-863 |
|
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-09-25T15:32:37.742Z
Updated: 2024-09-25T15:43:25.312Z
Reserved: 2024-09-17T17:42:37.030Z
Link: CVE-2024-47078
Vulnrichment
Updated: 2024-09-25T15:43:19.674Z
NVD
Status : Analyzed
Published: 2024-09-25T16:15:10.907
Modified: 2024-12-02T18:31:56.817
Link: CVE-2024-47078
Redhat
No data.