Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Failure to check for packets from the broadcast address allows potential DDoS amplification attack in Meshtastic firmware
Vulnerability Description
Meshtastic firmware is a device firmware for the Meshtastic project. The Meshtastic firmware does not check for packets claiming to be from the special broadcast address (0xFFFFFFFF) which could result in unexpected behavior and potential for DDoS attacks on the network. A malicious actor could craft a packet to be from that address which would result in an amplification of this one message into every node on the network sending multiple messages. Such an attack could result in degraded network performance for all users as the available bandwidth is consumed. This issue has been addressed in release version 2.5.6. All users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
对特殊元素的转义处理不恰当
Vulnerability Title
Meshtastic device firmware 安全漏洞
Vulnerability Description
Meshtastic device firmware是Meshtastic开源的一种用于 Meshtastic 设备运行开源、离网、去中心化网状网络的固件。 Meshtastic device firmware 2.5.6版本之前存在安全漏洞,该漏洞源于Meshtastic固件不会检查声称来自特殊广播地址的数据包,这可能会导致意外行为并可能对网络造成分布式拒绝服务攻击。
CVSS Information
N/A
Vulnerability Type
N/A