CVE-2024-47065
BaseFortify

Publication date: 2025-07-11

Last updated on: 2025-08-22

Assigner: GitHub, Inc.

Description
Meshtastic is an open source mesh networking solution. Prior to 2.5.1, traceroute responses from the remote node are not rate limited. Given that there are SNR measurements attributed to each received transmission, this is a guaranteed way to get a remote station to reliably and continuously respond. You could easily get 100 samples in a short amount of time (estimated 2 minutes), whereas passively doing the same could take hours or days. As a secondary effect, non-rate-limited traceroute also allows a 2:1 reflected DoS of the network, but these concerns are less than the problem with positional confidentiality (other DoS routes exist). This vulnerability is fixed in 2.5.1.
Meta Information
Published: 2025-07-11
Last Modified: 2025-08-22
Generated: 2026-05-07
AI Q&A: 2025-07-11
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor: meshtastic
Product: meshtastic_firmware
Version / Range: to 2.5.1 (exc)
CWE ID: CWE-799
Description: The product does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in Meshtastic prior to version 2.5.1 involves traceroute responses from remote nodes not being rate limited. Because each received transmission includes SNR measurements, an attacker can reliably and continuously trigger responses from a remote station, collecting many samples in a short time (about 2 minutes) instead of hours or days. This also allows a reflected denial-of-service (DoS) attack on the network, but the main concern is the compromise of positional confidentiality.


How can this vulnerability impact me?

The vulnerability can impact you by allowing an attacker to rapidly gather signal-to-noise ratio (SNR) data from your remote nodes, compromising positional confidentiality. Additionally, it enables a reflected denial-of-service (DoS) attack on the network, potentially disrupting network availability.


What immediate steps should I take to mitigate this vulnerability?

Upgrade Meshtastic to version 2.5.1 or later, as this version includes a fix that rate limits traceroute responses from remote nodes, mitigating the vulnerability.

