| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-55292 | In Meshtastic, an attacker can spoof licensed amateur flag for a node | meshtastic | firmware | High | 8.2 | 2026-01-27 23:28:29 | Deep Dive |
| CVE-2025-53627 | Meshtastic firmware allows forged DMs with no PKC to show up as encrypted | meshtastic | firmware | Medium | 5.3 | 2025-12-29 16:18:30 | Deep Dive |
| CVE-2025-55293 | Meshtastic allows crafting of specific NodeInfo packets that overwrite any publicKey saved in the NodeDB | meshtastic | firmware | Critical | 9.4 | 2025-08-18 17:24:35 | Deep Dive |
| CVE-2024-47065 | Traceroute_APP responses are not rate-limited. | meshtastic | firmware | - | - | 2025-07-11 17:00:44 | Deep Dive |
| CVE-2025-53637 | Meshtastic allows Command Injection in GitHub Action | meshtastic | firmware | Medium | 4.1 | 2025-07-10 21:31:44 | Deep Dive |
| CVE-2025-24798 | Meshtastic crashes via an unimplemented routing module reply | meshtastic | firmware | Medium | 4.3 | 2025-07-10 21:22:30 | Deep Dive |
| CVE-2025-52883 | Meshtastic-Android vulnerable to forged DMs with no PKC showing up as encrypted | meshtastic | Meshtastic-Android | Medium | 5.3 | 2025-06-24 20:13:00 | Deep Dive |
| CVE-2025-52464 | Meshtastic Repeated Public and Private Keypairs | meshtastic | firmware | - | - | 2025-06-19 15:10:18 | Deep Dive |
| CVE-2025-24797 | Meshtastic incorrectly hands malformed packets leads to controlled buffer overflow | meshtastic | firmware | Critical | 9.4 | 2025-04-14 23:25:19 | Deep Dive |
| CVE-2025-21608 | Forged packets over MQTT can show up in direct messages in Meshtastic firmware | meshtastic | firmware | 中危 | - | 2025-02-18 18:17:29 | Deep Dive |
| CVE-2024-51500 | Failure to check for packets from the broadcast address allows potential DDoS amplification attack in Meshtastic firmware | meshtastic | firmware | Medium | 5.3 | 2024-11-04 23:00:32 | Deep Dive |
| CVE-2024-47079 | Unauthorized usage of remote hardware module because of missing channel verification | meshtastic | firmware | Medium | 6.4 | 2024-10-07 19:55:51 | Deep Dive |
| CVE-2024-47078 | Meshtastic firmware Authentication/Authorization Bypass via MQTT | meshtastic | firmware | High | 8.1 | 2024-09-25 15:32:38 | Deep Dive |
| CVE-2024-45038 | Device crash via malformed MQTT packet when downlink is enabled in Meshtastic device firmware | meshtastic | firmware | High | 7.5 | 2024-08-27 20:36:35 | Deep Dive |