1. Home
  2. CVE Database
  3. CVE-2024-47121
MEDIUM · 5.3

CVE-2024-47121

The goTenna Pro App uses a weak password for sharing encryption keys via the key broadcast method. If the broadcasted encryption key is captured over RF, and password is cracked via brute force atta...

Vulnerability Description

The goTenna Pro App uses a weak password for sharing encryption keys via the key broadcast method. If the broadcasted encryption key is captured over RF, and password is cracked via brute force attack, it is possible to decrypt it and use it to decrypt all future and past messages sent via encrypted broadcast with that particular key. This only applies when the key is broadcasted over RF. This is an optional feature, so it is recommended to use local QR encryption key sharing for additional security on this and previous versions.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
ADJACENT_NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
GotennaGotenna Pro< 2.0.3

Related Weaknesses (CWE)

CWE-521

References

FAQ

What is CVE-2024-47121?

CVE-2024-47121 is a vulnerability with a CVSS score of 5.3 (MEDIUM). The goTenna Pro App uses a weak password for sharing encryption keys via the key broadcast method. If the broadcasted encryption key is captured over RF, and password is cracked via brute force atta...

How severe is CVE-2024-47121?

CVE-2024-47121 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-47121?

Check the references section above for vendor advisories and patch information. Affected products include: Gotenna Gotenna Pro.