CVE-2024-41931 MEDIUM

CVE-2024-41931: goTenna Pro ATAK Plugin Insertion of Sensitive Information Into Sent Data

Vendor Gotenna
Product Pro ATAK Plugin
Weakness CWE-201
Published September 26, 2024
Last update October 17, 2024

CVSS base score

4.3/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

The goTenna Pro ATAK Plugin encryption key name is always sent unencrypted when the key is sent over RF through a broadcast message. It is advised to share the encryption key via local QR for higher security operations.

Key dates

02Disclosure timeline

September 26, 2024 CVE published
October 17, 2024 Record updated