CVE-2024-47078

Meshtastic firmware Authentication/Authorization Bypass via MQTT

Description

Meshtastic is an open source, off-grid, decentralized, mesh network. Meshtastic uses MQTT to communicate over an internet connection to a shared or private MQTT Server. Nodes can communicate directly via an internet connection or proxied through a connected phone (i.e., via bluetooth). Prior to version 2.5.1, multiple weaknesses in the MQTT implementation allow for authentication and authorization bypasses resulting in unauthorized control of MQTT-connected nodes. Version 2.5.1 contains a patch.

INFO

Published Date :

2024-09-25T15:32:37.742Z

Last Modified :

2024-09-25T15:43:25.312Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2024-47078 vulnerability.

Vendors	Products
Meshtastic	Firmware Meshtastic Firmware

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-47078.

URL	Resource
https://github.com/meshtastic/firmware/security/advisories/GHSA-vqcq-wjwx-7252

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact