CVE-2024-51500
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Summary
CVE-2024-51500 affects the Meshtastic firmware, which is used in the Meshtastic project. The vulnerability arises because the firmware does not verify packets that claim to originate from the broadcast address (0xFFFFFFFF). An attacker can craft packets that use this address as their source, causing the message to be amplified throughout the network, which can result in DDoS attacks and degraded network performance for all users. The issue has been fixed in version 2.5.6, and all users are strongly encouraged to upgrade as soon as possible. At present, there are no known workarounds for this vulnerability.
Affected Products
- Meshtastic Firmware
Affected Vendors
- Meshtastic LLC