CVE-2024-47121: Weak Passwords Requirements in goTenna Pro
Description
The goTenna Pro App uses a weak password for sharing encryption keys via
the key broadcast method. If the broadcasted encryption key is captured
over RF, and password is cracked via brute force attack, it is possible
to decrypt it and use it to decrypt all future and past messages sent
via encrypted broadcast with that particular key. This only applies when
the key is broadcasted over RF. This is an optional feature, so it is
recommended to use local QR encryption key sharing for additional
security on this and previous versions.
Classification
CVE ID: CVE-2024-47121
CVSS Base Severity: MEDIUM
CVSS Base Score: 6.0
CVSS Vector: CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Problem Types
CWE-521 Weak Password RequirementsAffected Products
Vendor: goTenna
Product: Pro
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.02% (probability of being exploited)
EPSS Percentile: 2.83% (scored less or equal to compared to others)
EPSS Date: 2025-05-31 (when was this score calculated)
Stakeholder-Specific Vulnerability Categorization (SSVC)
SSVC Exploitation: none
SSVC Technical Impact: partial
SSVC Automatable: false
References
https://nvd.nist.gov/vuln/detail/CVE-2024-47121https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-04