CVE-2025-32888

An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. The verification token used for sending SMS through a goTenna server is hardcoded in the app.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:gotenna:mesh_firmware:1.1.12:*:*:*:*:*:*:*
cpe:2.3:h:gotenna:mesh:-:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:gotenna:gotenna:5.5.3:*:*:*:*:-:*:*

History

20 Jun 2025, 16:38

Type Values Removed Values Added
First Time Gotenna
Gotenna mesh
Gotenna gotenna
Gotenna mesh Firmware
References () https://github.com/Dollarhyde/goTenna_v1_and_Mesh_vulnerabilities - () https://github.com/Dollarhyde/goTenna_v1_and_Mesh_vulnerabilities - Third Party Advisory
References () https://gotenna.com - () https://gotenna.com - Product
CPE cpe:2.3:h:gotenna:mesh:-:*:*:*:*:*:*:*
cpe:2.3:a:gotenna:gotenna:5.5.3:*:*:*:*:-:*:*
cpe:2.3:o:gotenna:mesh_firmware:1.1.12:*:*:*:*:*:*:*

02 May 2025, 13:52

Type Values Removed Values Added
Summary
  • (es) Se detectó un problema en los dispositivos goTenna Mesh con la aplicación 5.5.3 y el firmware 1.1.12. El token de verificación utilizado para enviar SMS a través de un servidor goTenna está codificado en la aplicación.

01 May 2025, 20:15

Type Values Removed Values Added
CWE CWE-798

01 May 2025, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-05-01 18:15

Updated : 2025-06-20 16:38


NVD link : CVE-2025-32888

Mitre link : CVE-2025-32888

CVE.ORG link : CVE-2025-32888


JSON object : View

Products Affected

gotenna

  • gotenna
  • mesh
  • mesh_firmware
CWE
CWE-798

Use of Hard-coded Credentials