Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

meshtastic — Vulnerabilities & Security Advisories 14

Browse all 14 CVE security advisories affecting meshtastic. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by meshtastic:firmwareMeshtastic-Android
CVE IDTitleCVSSSeverityPublished
CVE-2025-55292 In Meshtastic, an attacker can spoof licensed amateur flag for a node — firmwareCWE-348 8.2 High2026-01-27
CVE-2025-53627 Meshtastic firmware allows forged DMs with no PKC to show up as encrypted — firmwareCWE-1287 5.3 Medium2025-12-29
CVE-2025-55293 Meshtastic allows crafting of specific NodeInfo packets that overwrite any publicKey saved in the NodeDB — firmwareCWE-287 9.4 Critical2025-08-18
CVE-2024-47065 Traceroute_APP responses are not rate-limited. — firmwareCWE-799 5.3AIMediumAI2025-07-11
CVE-2025-53637 Meshtastic allows Command Injection in GitHub Action — firmwareCWE-78 4.1 Medium2025-07-10
CVE-2025-24798 Meshtastic crashes via an unimplemented routing module reply — firmwareCWE-617 4.3 Medium2025-07-10
CVE-2025-52883 Meshtastic-Android vulnerable to forged DMs with no PKC showing up as encrypted — Meshtastic-AndroidCWE-1287 5.3 Medium2025-06-24
CVE-2025-52464 Meshtastic Repeated Public and Private Keypairs — firmwareCWE-331 6.5AIMediumAI2025-06-19
CVE-2025-24797 Meshtastic incorrectly hands malformed packets leads to controlled buffer overflow — firmwareCWE-119 9.4 Critical2025-04-14
CVE-2025-21608 Forged packets over MQTT can show up in direct messages in Meshtastic firmware — firmwareCWE-668 5.3 -2025-02-18
CVE-2024-51500 Failure to check for packets from the broadcast address allows potential DDoS amplification attack in Meshtastic firmware — firmwareCWE-138 5.3 Medium2024-11-04
CVE-2024-47079 Unauthorized usage of remote hardware module because of missing channel verification — firmwareCWE-345 6.4 Medium2024-10-07
CVE-2024-47078 Meshtastic firmware Authentication/Authorization Bypass via MQTT — firmwareCWE-287 8.1 High2024-09-25
CVE-2024-45038 Device crash via malformed MQTT packet when downlink is enabled in Meshtastic device firmware — firmwareCWE-755 7.5 High2024-08-27

This page lists every published CVE security advisory associated with meshtastic. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.