CVE-2024-47121 MEDIUM

CVE-2024-47121: Weak Passwords Requirements in goTenna Pro

Vendor Gotenna
Product Pro
Weakness CWE-521
Published September 26, 2024
Last update May 2, 2025

CVSS base score

6.0/10
Attack vector Adjacent
Attack complexity High
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

The goTenna Pro App uses a weak password for sharing encryption keys via the key broadcast method. If the broadcasted encryption key is captured over RF, and password is cracked via brute force attack, it is possible to decrypt it and use it to decrypt all future and past messages sent via encrypted broadcast with that particular key. This only applies when the key is broadcasted over RF. This is an optional feature, so it is recommended to use local QR encryption key sharing for additional security on this and previous versions.

Key dates

02Disclosure timeline

September 26, 2024 CVE published
May 2, 2025 Record updated