Meshtastic Routing Module Crash Vulnerability
Vulnerability
A denial-of-service vulnerability has been identified in the Meshtastic firmware routing module, affecting versions from 1.2.1 up to, but not including, 2.6.2. A packet sent to the routing module with 'want_response' set to true crashes the module. This can disrupt service for nodes within range of the sender, or for nodes reached via MQTT if downlink is enabled.
Impact
Exploitation of this vulnerability causes a crash in the routing module, leading to a denial-of-service condition on the affected node. If the vulnerability is exploited on a broadcast channel, it can cause similar crashes on nearby nodes. Additionally, if exploited via MQTT with downlink enabled, it can impact any connected devices on the same MQTT topic.
Reproduction
The vulnerability can be reproduced by sending a mesh packet to the routing module with the 'want_response' field set to true. This can be done using the Meshtastic Python library by establishing a TCP connection to a Meshtastic device, and then sending a packet that simulates a routing application response request. The packet should be sent as a broadcast to replicate the denial-of-service effect on nearby nodes.
Remediation
Users can upgrade to Meshtastic firmware version 2.6.2 or later to address this vulnerability.
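The following defender-side triage is an added example, not code from the advisory or from the Meshtastic project. It checks a node inventory against the affected range stated above and flags routing-port packets that set want_response in a list of decoded packet records. The inventory, node numbers and packet records are constructed, and the dictionary keys (`portnum`, `wantResponse`, `from`, `to`) are assumed to follow the decoded-packet layout of the Meshtastic Python library.

```python
import re

# Affected range as stated in this advisory: 1.2.1 up to, not including, 2.6.2.
FIRST_AFFECTED = (1, 2, 1)
FIRST_FIXED = (2, 6, 2)
BROADCAST = 0xFFFFFFFF  # Meshtastic broadcast node number


def parse_version(text):
    """Return (major, minor, patch) from strings such as '2.5.20.abc1234'."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(version_text):
    """True when the firmware version falls inside the affected range."""
    return FIRST_AFFECTED <= parse_version(version_text) < FIRST_FIXED


def is_suspect(packet):
    """True for a routing-port packet that asks for a response (assumed key names)."""
    decoded = packet.get("decoded", {})
    return decoded.get("portnum") == "ROUTING_APP" and bool(decoded.get("wantResponse"))


def triage(inventory, packets):
    """Return (nodes needing upgrade, suspect packets with a broadcast flag)."""
    to_upgrade = sorted(n for n, v in inventory.items() if is_affected(v))
    hits = [
        {"from": p.get("from"), "broadcast": p.get("to") == BROADCAST}
        for p in packets if is_suspect(p)
    ]
    return to_upgrade, hits


# Constructed sample data (hypothetical node names, versions and node numbers).
INVENTORY = {"gateway-1": "2.5.20.abc1234", "relay-2": "2.6.2.def5678", "old-3": "1.2.0"}
PACKETS = [
    {"from": 0x1A2B3C4D, "to": BROADCAST, "decoded": {"portnum": "TEXT_MESSAGE_APP"}},
    {"from": 0x0BADF00D, "to": BROADCAST, "decoded": {"portnum": "ROUTING_APP", "wantResponse": True}},
    {"from": 0x1A2B3C4D, "to": 0x55667788, "decoded": {"portnum": "ROUTING_APP"}},
]

if __name__ == "__main__":
    print(triage(INVENTORY, PACKETS))
```

Nodes returned in the first list should be upgraded to 2.6.2 or later; a flagged packet with `broadcast` set is the case the advisory describes as affecting nearby nodes.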
