Approved changes feed: RSS · Atom

cpe:2.3:o:gotenna:mesh_firmware:0.25.5:*:*:*:*:*:*:*

part: o version: 0.25.5 update: *

VendorGotenna (04dc2b99-45b6-5512-bd24-ced62841f7d2)
ProductMesh Firmware (8690ce00-af8e-544b-aa17-1cb9c818200b)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2025-32889 vulnerable 2026-06-08 07:19:00.939990 Details available
HIGH (7.3)
An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The verification token used for sending SMS through a goTenna server is hardcoded in the app.
Published: 2025-05-01T00:00:00.000Z
Updated: 2025-05-01T18:52:25.319Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-32887 vulnerable 2026-06-08 07:19:00.939286 Details available
HIGH (7.1)
An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. A command channel includes the next hop. which can be intercepted and used to break frequency hopping.
Published: 2025-05-01T00:00:00.000Z
Updated: 2025-05-01T19:19:41.743Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-32886 vulnerable 2026-06-08 07:19:00.938902 Details available
MEDIUM (4)
An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. All packets sent over RF are also sent over UART with USB Shell, allowing someone with local access to gain information about the protocol and intercept sensitive data.
Published: 2025-05-01T00:00:00.000Z
Updated: 2025-05-01T19:26:19.888Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-32885 vulnerable 2026-06-08 07:19:00.938480 Details available
MEDIUM (6.5)
An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The app there makes it possible to inject any custom message (into existing v1 networks) with any GID and Callsign via a software defined radio. This can be exploited if the device is being used in an unencrypted environment or if the cryptography has already been compromised.
Published: 2025-05-01T00:00:00.000Z
Updated: 2025-05-01T19:28:49.157Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-32882 vulnerable 2026-06-08 07:19:00.935403 Details available
MEDIUM (5.3)
An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The app uses a custom implementation of encryption without any additional integrity checking mechanisms. This leaves messages malleable to an attacker that can access the message.
Published: 2025-05-01T00:00:00.000Z
Updated: 2025-05-01T19:49:08.079Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-32881 vulnerable 2026-06-08 07:19:00.933513 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.