Meshtastic firmware allows forged DMs with no PKC to show up as encrypted

Meshtastic is an open source mesh networking solution. The Meshtastic firmware (starting from version 2.5) introduces asymmetric encryption (PKI) for direct messages, but when the `pki_encrypted` flag is missing, the firmware silently falls back to legacy AES-256-CTR channel encryption. This was an intentional decision to maintain backwards compatibility. However, the end-user applications, like Web app, iOS/Android app, and applications built on top of Meshtastic using the SDK, did not have a way to differentiate between end-to-end encrypted DMs and the legacy DMs. This creates a downgrade attack path where adversaries who know a shared channel key can craft and inject spoofed direct messages that are displayed as if they were PKC encrypted. Users are not given any feedback of whether a direct message was decrypted with PKI or with legacy symmetric encryption, undermining the expected security guarantees of the PKI rollout. Version 2.7.15 fixes this issue.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE-1287

Meshtastic 安全漏洞

Meshtastic是Meshtastic开源的一种去中心化无线离网网状网络 LoRa 协议。 Meshtastic 2.5版本至2.7.15之前版本存在安全漏洞，该漏洞源于缺少PKI加密标志时的降级攻击路径，可能导致攻击者注入伪造的直接消息。

N/A

N/A