Approved changes feed: RSS · Atom

cpe:2.3:a:gotenna:pro_atak_plugin:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorGotenna (04dc2b99-45b6-5512-bd24-ced62841f7d2)
ProductPro Atak Plugin (0c3f9d09-bef1-5a1b-a83c-42ed53f813e3)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2024-45838 vulnerable 2026-06-08 06:48:09.640492 goTenna Pro ATAK Plugin Cleartext Transmission of Sensitive Information
MEDIUM (4.3)
The goTenna Pro ATAK Plugin does not encrypt callsigns in messages. It is advised to not use sensitive information in callsigns when using this and previous versions of the plugin. Update to current plugin version which uses AES-256 encryption for callsigns in encrypted operation
Published: 2024-09-26T17:31:45.575Z
Updated: 2024-10-17T16:54:51.865Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-45723 vulnerable 2026-06-08 06:48:08.957810 goTenna Pro ATAK Plugin Use of Cryptographically Weak Pseudo-Random Number Generator
MEDIUM (6.5)
The goTenna Pro ATAK Plugin does not use SecureRandom when generating passwords for sharing cryptographic keys. The random function in use makes it easier for attackers to brute force this password if the broadcasted encryption key is captured over RF. This only applies to the optional broadcast of an encryption key, so it is advised to share the key with local QR code for higher security operations.
Published: 2024-09-26T17:37:26.917Z
Updated: 2024-10-17T16:56:55.574Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-45374 vulnerable 2026-06-08 06:48:05.999666 goTenna Pro ATAK Plugin Weak Password Requirements
MEDIUM (5.3)
The goTenna Pro ATAK plugin uses a weak password for sharing encryption keys via the key broadcast method. If the broadcasted encryption key is captured over RF, and password is cracked via brute force attack, it is possible to decrypt it and use it to decrypt all future and past messages sent via encrypted broadcast with that particular key. This only applies when the key is broadcasted over RF. This is an optional feature, so it is advised to use local QR encryption key sharing for additional security on this and previous versions.
Published: 2024-09-26T17:08:13.256Z
Updated: 2025-03-12T21:17:01.057Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-43814 vulnerable 2026-06-08 06:45:53.089038 goTenna Pro ATAK Plugin Insertion of Sensitive Information Into Sent Data
MEDIUM (4.3)
The goTenna Pro ATAK Plugin's default settings are to share Automatic Position, Location, and Information (PLI) updates every 60 seconds once the plugin is active and goTenna is connected. Users that are unaware of their settings and have not activated encryption before a mission may accidentally broadcast their location unencrypted. It is advised to verify PLI settings are the desired rate and activate encryption prior to mission. Update to the latest Plugin to disable this default setting.
Published: 2024-09-26T17:48:06.316Z
Updated: 2024-10-17T17:06:00.394Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-43694 vulnerable 2026-06-08 06:45:52.878204 goTenna Pro ATAK Plugin Insecure Storage of Sensitive Information
MEDIUM (4.3)
In the goTenna Pro ATAK Plugin application, the encryption keys are stored along with a static IV on the device. This allows for complete decryption of keys stored on the device. This allows an attacker to decrypt all encrypted broadcast communications based on broadcast keys stored on the device.
Published: 2024-09-26T17:25:52.840Z
Updated: 2024-09-26T18:26:54.248Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-43108 vulnerable 2026-06-08 06:45:49.588785 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-41931 vulnerable 2026-06-08 06:43:55.686032 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-41722 vulnerable 2026-06-08 06:43:54.990098 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-41715 vulnerable 2026-06-08 06:43:54.956194 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.