goTenna Mesh Cleartext Transmission of Sensitive Information Vulnerability

Vulnerability

A vulnerability exists in goTenna Mesh devices running the goTenna App version 5.5.3 and firmware 1.1.12. By default, the Group ID (GID) assigned to users is their phone number, unless they opt out. This default setting exposes sensitive personal information that can be linked to individuals. Furthermore, the application fails to encrypt the GID when transmitted in messages, leaving it vulnerable to interception.

Impact

Exploitation of this vulnerability allows for the cleartext transmission of sensitive information, specifically the user's phone number, which can be intercepted and potentially misused.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

7.4

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

7.4

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

goTenna Mesh Cleartext Transmission of Sensitive Information Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating