Main Vulnerability Database Vulnerabilities #VU97769

#VU97769 Weak password requirements in goTenna Pro App for Android and goTenna Pro App for iOS - CVE-2024-47121

Published: September 30, 2024

Vulnerability identifier: #VU97769

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-47121

CWE-ID: CWE-521

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
goTenna Pro App for Android
goTenna Pro App for iOS

Software vendor:
goTenna

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to weak password requirements for the QR broadcast message. A remote attacker on the local network can decrypt the QR broadcast message and use it to decrypt all future and past messages sent via encrypted broadcast.

Remediation

Install updates from vendor's website.

External links

https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-04