📦 Meshtastic Firmware

by Meshtastic


🛡️ Security Overview


⚠️ Known Vulnerabilities

CVE-2025-55293

CRITICAL CVSS 9.4 Aug 18, 2025

This vulnerability allows an attacker to impersonate legitimate nodes in a Meshtastic mesh network by manipulating public key assignments. Attackers can first send a NodeInfo packet with an empty publ...

CVE-2025-24797

CRITICAL CVSS 9.4 Apr 15, 2025

CVE-2025-24797 is a critical buffer overflow vulnerability in Meshtastic firmware that allows unauthenticated attackers to execute arbitrary code on affected devices. The vulnerability occurs when dev...

CVE-2025-55292

HIGH CVSS 8.2 Jan 28, 2026

This vulnerability allows attackers to impersonate legitimate nodes in Meshtastic mesh networks by forging NodeInfo packets that claim HAM mode is enabled. This downgrades security by forcing other no...

CVE-2025-52464

HIGH CVSS 8.3 Jun 19, 2025

This vulnerability in Meshtastic firmware allows attackers to decrypt direct messages when they have compiled a list of compromised cryptographic keys. It affects users running Meshtastic firmware ver...

CVE-2024-47078

HIGH CVSS 8.1 Sep 25, 2024

CVE-2024-47078 is an authentication and authorization bypass vulnerability in Meshtastic's MQTT implementation that allows unauthorized control of MQTT-connected nodes. This affects all Meshtastic use...

CVE-2024-45038

HIGH CVSS 7.5 Aug 27, 2024

This CVE describes a denial-of-service vulnerability in Meshtastic device firmware's MQTT handling. Attackers can crash devices by sending malicious MQTT messages, disrupting mesh network communicatio...

CVE-2025-53627

MEDIUM CVSS 5.3 Dec 29, 2025

This CVE describes a downgrade attack vulnerability in Meshtastic firmware where direct messages can be silently decrypted using legacy symmetric encryption instead of the intended PKI encryption. Use...

CVE-2024-47065

MEDIUM CVSS 6.5 Jul 11, 2025

This vulnerability in Meshtastic allows attackers to abuse traceroute functionality to force remote nodes to continuously respond, enabling rapid collection of SNR measurements that can compromise pos...

CVE-2025-53637

MEDIUM CVSS 4.1 Jul 10, 2025

This CVE describes a command injection vulnerability in Meshtastic's GitHub Actions workflow that allows attackers to execute arbitrary code in the CI/CD pipeline. Attackers who fork the repository an...