CVE-2024-51500
MEDIUMDescription
Meshtastic firmware is a device firmware for the Meshtastic project. The Meshtastic firmware does not check for packets claiming to be from the special broadcast address (0xFFFFFFFF) which could result in unexpected behavior and potential for DDoS attacks on the network. A malicious actor could craft a packet to be from that address which would result in an amplification of this one message into every node on the network sending multiple messages. Such an attack could result in degraded network performance for all users as the available bandwidth is consumed. This issue has been addressed in release version 2.5.6. All users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| meshtastic | meshtastic_firmware |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2024-51500? +
How severe is CVE-2024-51500? +
What products are affected by CVE-2024-51500? +
How do I check if I'm vulnerable to CVE-2024-51500? +
Related Vulnerabilities
Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on …
Insufficient data validation in Permission Prompts in Google Chrome prior to 117.0.5938.62 allowed an attacker who convinced a user to …
Windows Kernel Elevation of Privilege Vulnerability
Improper neutralization of special elements in M365 Copilot allows an unauthorized attacker to disclose information over a network.
A vulnerability was found in ESAPI esapi-java-legacy and classified as problematic. This issue affects the interface Encoder.encodeForSQL of the SQL …
tarteaucitron.js is a compliant and accessible cookie banner. Prior to version 1.22.0, a vulnerability was identified in tarteaucitron.js where document.currentScript …