Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Unauthorized usage of remote hardware module because of missing channel verification
Vulnerability Description
Meshtastic is an open source, off-grid, decentralized, mesh network built to run on affordable, low-power devices. Meshtastic firmware is an open source firmware implementation for the broader project. The remote hardware module of the firmware does not have proper checks to ensure a remote hardware control message was received should be considered valid. This issue has been addressed in release version 2.5.1. All users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS Information
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
Vulnerability Type
对数据真实性的验证不充分
Vulnerability Title
Meshtastic device firmware 数据伪造问题漏洞
Vulnerability Description
Meshtastic device firmware是Meshtastic开源的一种用于 Meshtastic 设备运行开源、离网、去中心化网状网络的固件。 Meshtastic 2.5.1之前版本存在数据伪造问题漏洞,该漏洞源于远程硬件模块没有检查收到的远程硬件控制消息是不是有效。
CVSS Information
N/A
Vulnerability Type
N/A