firmware — Vulnerabilities & Security Advisories 13

All 13 CVE vulnerabilities found in firmware, with AI-generated Chinese analysis, references, and POCs.

Vendor: meshtastic

CVE ID	Title	CVSS	Severity	Published
CVE-2025-55292	In Meshtastic, an attacker can spoof licensed amateur flag for a node CWE-348	8.2	High	2026-01-27
CVE-2025-53627	Meshtastic firmware allows forged DMs with no PKC to show up as encrypted CWE-1287	5.3	Medium	2025-12-29
CVE-2025-55293	Meshtastic allows crafting of specific NodeInfo packets that overwrite any publicKey saved in the NodeDB CWE-287	9.4	Critical	2025-08-18
CVE-2024-47065	Traceroute_APP responses are not rate-limited. CWE-799	5.3^AI	Medium^AI	2025-07-11
CVE-2025-53637	Meshtastic allows Command Injection in GitHub Action CWE-78	4.1	Medium	2025-07-10
CVE-2025-24798	Meshtastic crashes via an unimplemented routing module reply CWE-617	4.3	Medium	2025-07-10
CVE-2025-52464	Meshtastic Repeated Public and Private Keypairs CWE-331	6.5^AI	Medium^AI	2025-06-19
CVE-2025-24797	Meshtastic incorrectly hands malformed packets leads to controlled buffer overflow CWE-119	9.4	Critical	2025-04-14
CVE-2025-21608	Forged packets over MQTT can show up in direct messages in Meshtastic firmware CWE-668	5.3	-	2025-02-18
CVE-2024-51500	Failure to check for packets from the broadcast address allows potential DDoS amplification attack in Meshtastic firmware CWE-138	5.3	Medium	2024-11-04
CVE-2024-47079	Unauthorized usage of remote hardware module because of missing channel verification CWE-345	6.4	Medium	2024-10-07
CVE-2024-47078	Meshtastic firmware Authentication/Authorization Bypass via MQTT CWE-287	8.1	High	2024-09-25
CVE-2024-45038	Device crash via malformed MQTT packet when downlink is enabled in Meshtastic device firmware CWE-755	7.5	High	2024-08-27

All 13 known CVE vulnerabilities affecting firmware with full Chinese analysis, references, and POCs where available.