CVE-2025-32881

Medium CVSS: 4.3

An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. By default, the GID is the user's phone number unless they specifically opt out. A phone number is very sensitive information because it can be tied back to individuals. The app does not encrypt the GID in messages.

Vendor

Gotenna

Product

Mesh Firmware

CWE

CWE-319

Yayın Tarihi

2025-05-01 18:15:54

Güncelleme

2025-06-20 16:53:44

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-319 Mesh Firmware MEDIUM Gotenna 2025

Referanslar

https://github.com/Dollarhyde/goTenna_v1_and_Mesh_vulnerabilities https://gotenna.com

Benzer Kayıtlar

High

CVE-2025-32889

An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The verification token used for sendin…

Medium

CVE-2025-32890

An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. It uses a custom implementation of e…

High

CVE-2025-32888

An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. The verification token used for send…

Medium

CVE-2025-32882

An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The app uses a custom implementation o…

Medium

CVE-2025-32884

An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. By default, a GID is the user's phon…

Medium

CVE-2025-32885

An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The app there makes it possible to inj…