goTenna Mesh Custom Encryption Vulnerability Allowing Message Manipulation

Vulnerability

A vulnerability exists in goTenna Mesh devices running app version 5.5.3 and firmware 1.1.12. The issue arises from a custom encryption implementation that lacks proper integrity checks, making it possible for an attacker to alter messages. This vulnerability was reported to goTenna in 2017 and 2018, but the company discontinued support for goTenna Mesh in 2024.

Impact

Exploitation of this vulnerability allows for the manipulation of messages sent between devices on the goTenna Mesh network.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.5

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.5

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

goTenna Mesh Custom Encryption Vulnerability Allowing Message Manipulation

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating