An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. The verification token used for sending SMS through a goTenna server is hardcoded in the app.
References
Link | Resource |
---|---|
https://github.com/Dollarhyde/goTenna_v1_and_Mesh_vulnerabilities | Third Party Advisory |
https://gotenna.com | Product |
Configurations
History
20 Jun 2025, 16:38
Type | Values Removed | Values Added |
---|---|---|
First Time |
Gotenna
Gotenna mesh Gotenna gotenna Gotenna mesh Firmware |
|
References | () https://github.com/Dollarhyde/goTenna_v1_and_Mesh_vulnerabilities - Third Party Advisory | |
References | () https://gotenna.com - Product | |
CPE | cpe:2.3:h:gotenna:mesh:-:*:*:*:*:*:*:* cpe:2.3:a:gotenna:gotenna:5.5.3:*:*:*:*:-:*:* cpe:2.3:o:gotenna:mesh_firmware:1.1.12:*:*:*:*:*:*:* |
02 May 2025, 13:52
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
01 May 2025, 20:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-798 |
01 May 2025, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-05-01 18:15
Updated : 2025-06-20 16:38
NVD link : CVE-2025-32888
Mitre link : CVE-2025-32888
CVE.ORG link : CVE-2025-32888
JSON object : View
Products Affected
gotenna
- gotenna
- mesh
- mesh_firmware
CWE
CWE-798
Use of Hard-coded Credentials