GCVE - cpe:2.3:a:gotenna:gotenna:5.5.3:*:*:*:*:-:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:gotenna:gotenna:5.5.3:*:*:*:*:-:*:*

part: a version: 5.5.3 update: *

Vendor	Gotenna (`04dc2b99-45b6-5512-bd24-ced62841f7d2`)
Product	Gotenna (`56899642-e495-514b-96d8-903af3e1fb0d`)
Edition	*
Language	*
Software edition	*
Target software	-
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-32890`	vulnerable	2026-06-08 07:19:00.946986	Details available MEDIUM (5.3) An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. It uses a custom implementation of encryption without any additional integrity checking mechanisms. This leaves messages malleable to an attacker that can access the message. Published: 2025-05-01T00:00:00.000Z Updated: 2025-05-01T18:49:46.775Z Open on db.gcve.eu Reference links https://gotenna.com https://github.com/Dollarhyde/goTenna_v1_and_Mesh_vulnerabilities	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-32889`	vulnerable	2026-06-08 07:19:00.940131	Details available HIGH (7.3) An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The verification token used for sending SMS through a goTenna server is hardcoded in the app. Published: 2025-05-01T00:00:00.000Z Updated: 2025-05-01T18:52:25.319Z Open on db.gcve.eu Reference links https://gotenna.com https://github.com/Dollarhyde/goTenna_v1_and_Mesh_vulnerabilities	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-32888`	vulnerable	2026-06-08 07:19:00.939731	Details available HIGH (7.3) An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. The verification token used for sending SMS through a goTenna server is hardcoded in the app. Published: 2025-05-01T00:00:00.000Z Updated: 2025-05-01T19:11:36.218Z Open on db.gcve.eu Reference links https://gotenna.com https://github.com/Dollarhyde/goTenna_v1_and_Mesh_vulnerabilities	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-32887`	vulnerable	2026-06-08 07:19:00.939329	Details available HIGH (7.1) An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. A command channel includes the next hop. which can be intercepted and used to break frequency hopping. Published: 2025-05-01T00:00:00.000Z Updated: 2025-05-01T19:19:41.743Z Open on db.gcve.eu Reference links https://gotenna.com https://github.com/Dollarhyde/goTenna_v1_and_Mesh_vulnerabilities	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-32886`	vulnerable	2026-06-08 07:19:00.938944	Details available MEDIUM (4) An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. All packets sent over RF are also sent over UART with USB Shell, allowing someone with local access to gain information about the protocol and intercept sensitive data. Published: 2025-05-01T00:00:00.000Z Updated: 2025-05-01T19:26:19.888Z Open on db.gcve.eu Reference links https://gotenna.com https://github.com/Dollarhyde/goTenna_v1_and_Mesh_vulnerabilities	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-32885`	vulnerable	2026-06-08 07:19:00.938610	Details available MEDIUM (6.5) An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The app there makes it possible to inject any custom message (into existing v1 networks) with any GID and Callsign via a software defined radio. This can be exploited if the device is being used in an unencrypted environment or if the cryptography has already been compromised. Published: 2025-05-01T00:00:00.000Z Updated: 2025-05-01T19:28:49.157Z Open on db.gcve.eu Reference links https://gotenna.com https://github.com/Dollarhyde/goTenna_v1_and_Mesh_vulnerabilities	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-32884`	vulnerable	2026-06-08 07:19:00.937932	Details available MEDIUM (4.3) An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. By default, a GID is the user's phone number unless they specifically opt out. A phone number is very sensitive information because it can be tied back to individuals. The app does not encrypt the GID in messages. Published: 2025-05-01T00:00:00.000Z Updated: 2025-05-01T19:33:18.573Z Open on db.gcve.eu Reference links https://gotenna.com https://github.com/Dollarhyde/goTenna_v1_and_Mesh_vulnerabilities	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-32882`	vulnerable	2026-06-08 07:19:00.935582	Details available MEDIUM (5.3) An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The app uses a custom implementation of encryption without any additional integrity checking mechanisms. This leaves messages malleable to an attacker that can access the message. Published: 2025-05-01T00:00:00.000Z Updated: 2025-05-01T19:49:08.079Z Open on db.gcve.eu Reference links https://gotenna.com https://github.com/Dollarhyde/goTenna_v1_and_Mesh_vulnerabilities	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-32881`	vulnerable	2026-06-08 07:19:00.935008	Details available MEDIUM (4.3) An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. By default, the GID is the user's phone number unless they specifically opt out. A phone number is very sensitive information because it can be tied back to individuals. The app does not encrypt the GID in messages. Published: 2025-05-01T00:00:00.000Z Updated: 2025-05-01T19:52:45.382Z Open on db.gcve.eu Reference links https://gotenna.com https://github.com/Dollarhyde/goTenna_v1_and_Mesh_vulnerabilities	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.