CVE-2024-47079

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-47079

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-47079.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-47079

Aliases

GHSA-h8mh-p4r3-4jv7

Downstream

UBUNTU-CVE-2024-47079

Published

2024-10-07T19:55:51Z

Modified

2025-10-21T02:36:24Z

Severity

6.4 (Medium) CVSS_V3 - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H CVSS Calculator

Summary

Unauthorized usage of remote hardware module because of missing channel verification

Details

Meshtastic is an open source, off-grid, decentralized, mesh network built to run on affordable, low-power devices. Meshtastic firmware is an open source firmware implementation for the broader project. The remote hardware module of the firmware does not have proper checks to ensure a remote hardware control message was received should be considered valid. This issue has been addressed in release version 2.5.1. All users are advised to upgrade. There are no known workarounds for this vulnerability.

References

https://github.com/meshtastic/firmware/security/advisories/GHSA-h8mh-p4r3-4jv7

Affected packages

Git /

Affected ranges

Database specific

unresolved_versions

[
    {
        "type": "",
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "2.5.1"
            }
        ]
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-47079.json"