CVE-2024-51500

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Nov 4, 2024
Updated: Nov 5, 2024
CWE ID 138
CWE ID 159

Summary

CVE-2024-51500 affects the Meshtastic firmware, which is used in the Meshtastic project. This vulnerability arises from the firmware's failure to verify packets claiming to originate from the broadcast address (0xFFFFFFFF). Malicious actors can exploit this weakness by crafting packets from this address, leading to an amplification of their message throughout the network, potentially causing DDoS attacks and degraded network performance for all users. The issue has been rectified in version 2.5.6, and all users are strongly encouraged to upgrade as soon as possible. At present, there are no known workarounds for this vulnerability.

Affected Products

  • Meshtastic Firmware

Affected Vendors

  • Meshtastic LLC