Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Traceroute_APP responses are not rate-limited.
Vulnerability Description
Meshtastic is an open source mesh networking solution. Prior to 2.5.1, traceroute responses from the remote node are not rate limited. Given that there are SNR measurements attributed to each received transmission, this is a guaranteed way to get a remote station to reliably and continuously respond. You could easily get 100 samples in a short amount of time (estimated 2 minutes), whereas passively doing the same could take hours or days. There are secondary effects that non-ratelimited traceroute does also allow a 2:1 reflected DoS of the network as well, but these concerns are less than the problem with positional confidentiality (other DoS routes exist). This vulnerability is fixed in 2.5.1.
CVSS Information
N/A
Vulnerability Type
交互频率的控制不恰当
Vulnerability Title
Meshtastic 安全漏洞
Vulnerability Description
Meshtastic是Meshtastic开源的一种去中心化无线离网网状网络 LoRa 协议。 Meshtastic 2.5.1之前版本存在安全漏洞,该漏洞源于远程节点的traceroute响应未限制速率,可能导致位置机密性问题。
CVSS Information
N/A
Vulnerability Type
N/A