goTenna V1 Cleartext Transmission of Sensitive Information Vulnerability

Vulnerability

A vulnerability exists in goTenna V1 devices running app version 5.5.3 and firmware 0.25.5. By default, the Group ID (GID) transmitted is the user's phone number, a sensitive piece of information that can be linked to individuals. The application fails to encrypt the GID in messages, leaving personal information exposed.

Impact

Exploitation of this vulnerability allows for the interception of unencrypted personal information, specifically the user's phone number, which is transmitted as the Group ID (GID) in messages.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

2.9

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

2.9

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

goTenna V1 Cleartext Transmission of Sensitive Information Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating