PatchSiren cyber security CVE debrief
CVE-2024-47127 goTenna CVE debrief
CVE-2024-47127 is a medium-severity vulnerability (CVSS 6.5) in the goTenna Pro App that enables message injection attacks against goTenna mesh networks. Published by CISA on September 26, 2024, and updated on October 17, 2024, this vulnerability allows an attacker with a software-defined radio to inject arbitrary messages with spoofed GIDs and callsigns into existing mesh networks. The attack is viable when devices operate without encryption or when cryptographic protections have already been compromised. The vulnerability affects goTenna Pro App versions 1.6.1 and earlier on both Android and iOS. The attack vector is adjacent: RF proximity to the mesh network is required, but no privileges or user interaction. Successful exploitation is rated as high confidentiality impact, covering message interception and injection; integrity and availability impact are rated None. CISA and goTenna recommend updating immediately to version 2.0.3 or later, exchanging encryption keys via QR code scanning, using discreet callsigns, rotating keys regularly, and applying layered encryption for team communications.
- Vendor: goTenna
- Product: Pro
- CVSS: MEDIUM 6.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-09-26
- Original CVE updated: 2024-10-17
- Advisory published: 2024-09-26
- Advisory updated: 2024-10-17
Who should care
Organizations using goTenna Pro X and Pro X2 devices for tactical, emergency response, or off-grid communications; security teams responsible for RF and mesh network security; incident responders operating in environments where goTenna mesh networks are deployed; and procurement officers evaluating secure communications equipment for field operations.
Technical summary
The goTenna Pro App (≤1.6.1) contains a vulnerability allowing attackers with software-defined radio equipment to inject crafted messages with arbitrary GIDs and callsigns into operational mesh networks. The vulnerability stems from insufficient message authentication when encryption is disabled or cryptographic keys are compromised. The attack requires adjacent network access (RF proximity) but no authentication or user interaction. Exploitation enables spoofing of legitimate network participants and interception of network traffic. The CVSS 3.1 score of 6.5 (Medium) reflects high confidentiality impact with adjacent attack vector and low attack complexity. Remediation centers on app updates to v2.0.3+ and operational security measures including QR-based key exchange, key rotation, and layered encryption.
Defensive priority
medium
Recommended defensive actions
- Update goTenna Pro App to version 2.0.3 or greater on all Android and iOS devices
- Share encryption keys via QR code scanning rather than over-the-air transmission to prevent interception
- Use discreet callsigns and key names that do not reveal location, team size, or operational details
- Implement regular encryption key rotation following industry best practices
- Apply layered encryption for communications with individuals and teams
- When broadcasting keys is necessary, reduce transmit power to 0.5 Watts and operate from secured areas
- Secure all end-user devices with encryption and ensure regular software updates
- Contact goTenna Pro support at [email protected] for assistance with secure operating procedures
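The technical summary attributes the issue to insufficient message authentication when encryption is off or keys are compromised, and the actions above answer it with out-of-band (QR code) key exchange and regular key rotation. The following Python example is added here to make that relationship concrete; it is not goTenna code, and its frame layout, GIDs, callsigns and keys are constructed for illustration, not the goTenna wire format. It shows a receiver that verifies an HMAC-SHA256 tag under the current key epoch: an unsigned frame carrying a legitimate GID and callsign is rejected, the same frame is accepted by a receiver configured to skip authentication (the weak setting), and a frame signed under a key that is later treated as compromised stops being honoured once the receiver rotates to a new epoch.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class Frame:
    """Hypothetical mesh frame for illustration only; not the goTenna wire format."""
    gid: int                      # claimed sender GID
    callsign: str                 # claimed sender callsign
    epoch: int                    # key-rotation epoch the tag was computed under
    payload: bytes
    tag: Optional[bytes] = None   # HMAC-SHA256 over the fields above; None = unauthenticated


def _mac_input(f: Frame) -> bytes:
    # Length-prefix every field so that distinct (gid, callsign, epoch, payload) tuples never share one encoding.
    fields = [str(f.gid).encode(), f.callsign.encode(), str(f.epoch).encode(), f.payload]
    return b"".join(len(x).to_bytes(4, "big") + x for x in fields)


def sign_frame(f: Frame, key: bytes) -> Frame:
    """Attach the tag a device holding the shared key for f.epoch would produce."""
    f.tag = hmac.new(key, _mac_input(f), hashlib.sha256).digest()
    return f


@dataclass
class Receiver:
    keyring: Dict[int, bytes]              # epoch -> shared key, exchanged out of band (e.g. QR code)
    current_epoch: int
    accept_unauthenticated: bool = False   # the weak setting: trust GID and callsign as sent

    def rotate(self, new_epoch: int, new_key: bytes) -> None:
        """Key rotation: only the new epoch is honoured afterwards, so an older leaked key is useless."""
        self.keyring = {new_epoch: new_key}
        self.current_epoch = new_epoch

    def accept(self, f: Frame) -> Tuple[bool, str]:
        if self.accept_unauthenticated:
            return True, "accepted: authentication disabled"  # any plausible GID/callsign gets through
        if f.tag is None:
            return False, "rejected: frame carries no tag"
        if f.epoch != self.current_epoch or f.epoch not in self.keyring:
            return False, "rejected: not the current key epoch"
        expected = hmac.new(self.keyring[f.epoch], _mac_input(f), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, f.tag):  # constant-time comparison
            return False, "rejected: tag does not verify (spoofed or tampered)"
        return True, "accepted"


def demo() -> Dict[str, bool]:
    """Scenarios from the advisory; every GID, callsign and key below is constructed for the example."""
    key_v1 = os.urandom(32)
    strict = Receiver(keyring={1: key_v1}, current_epoch=1)
    weak = Receiver(keyring={}, current_epoch=1, accept_unauthenticated=True)

    genuine = sign_frame(Frame(1001, "MEDIC-2", 1, b"holding at rally point"), key_v1)
    # Same GID and callsign, but produced without the shared key, so it cannot carry a valid tag.
    spoofed = Frame(1001, "MEDIC-2", 1, b"status?")

    results = {
        "genuine_strict": strict.accept(genuine)[0],
        "spoofed_strict": strict.accept(spoofed)[0],
        "spoofed_weak": weak.accept(spoofed)[0],
    }

    # Compromised-key scenario: a frame signed under key_v1 keeps verifying until the team rotates keys.
    signed_with_leaked_key = sign_frame(Frame(1001, "MEDIC-2", 1, b"signed under key_v1"), key_v1)
    results["leaked_key_before_rotation"] = strict.accept(signed_with_leaked_key)[0]
    strict.rotate(2, os.urandom(32))
    results["leaked_key_after_rotation"] = strict.accept(signed_with_leaked_key)[0]
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:28s} {'ACCEPT' if ok else 'REJECT'}")
```

The two configurations differ only in `accept_unauthenticated`; with it set, the GID and callsign are taken at face value, which is exactly the condition the advisory describes for injection. The `rotate` step is the code-level counterpart of the key-rotation recommendation: it bounds how long a compromised key remains useful, but only if the key for the new epoch is again shared out of band rather than broadcast over the air.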
Evidence notes
Advisory ICSA-24-270-04 (Update A) published 2024-09-26, modified 2024-10-17. CVSS 3.1 vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. Affected product: goTenna Pro App ≤1.6.1. Remediation: Android Pro v2.0.3+, iOS Pro v2.0.3+.
Official resources
- CVE-2024-47127 CVE record (CVE.org)
- CVE-2024-47127 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
2024-09-26