1. Home
  2. CVE Database
  3. CVE-2024-47079
MEDIUM · 6.4

CVE-2024-47079

Meshtastic is an open source, off-grid, decentralized, mesh network built to run on affordable, low-power devices. Meshtastic firmware is an open source firmware implementation for the broader project...

Vulnerability Description

Meshtastic is an open source, off-grid, decentralized, mesh network built to run on affordable, low-power devices. Meshtastic firmware is an open source firmware implementation for the broader project. The remote hardware module of the firmware does not have proper checks to ensure a remote hardware control message was received should be considered valid. This issue has been addressed in release version 2.5.1. All users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS Score

6.4

MEDIUM

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
Attack Vector
ADJACENT_NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
HIGH

Affected Products

VendorProductVersions
MeshtasticMeshtastic Firmware< 2.5.1

Related Weaknesses (CWE)

CWE-345

References

FAQ

What is CVE-2024-47079?

CVE-2024-47079 is a vulnerability with a CVSS score of 6.4 (MEDIUM). Meshtastic is an open source, off-grid, decentralized, mesh network built to run on affordable, low-power devices. Meshtastic firmware is an open source firmware implementation for the broader project...

How severe is CVE-2024-47079?

CVE-2024-47079 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-47079?

Check the references section above for vendor advisories and patch information. Affected products include: Meshtastic Meshtastic Firmware.