CVE-2024-47065

Meshtastic is an open source mesh networking solution. Prior to 2.5.1, traceroute responses from the remote node are not rate limited. Given that there are SNR measurements attributed to each received transmission, this is a guaranteed way to get a remote station to reliably and continuously respond. You could easily get 100 samples in a short amount of time (estimated 2 minutes), whereas passively doing the same could take hours or days. There are secondary effects that non-ratelimited traceroute does also allow a 2:1 reflected DoS of the network as well, but these concerns are less than the problem with positional confidentiality (other DoS routes exist). This vulnerability is fixed in 2.5.1.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/meshtastic/firmware/security/advisories/GHSA-4hjx-54gf-2jh7	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:meshtastic:meshtastic_firmware:*:*:*:*:*:*:*:*

History

22 Aug 2025, 16:01

Type	Values Removed	Values Added
References	~~() https://github.com/meshtastic/firmware/security/advisories/GHSA-4hjx-54gf-2jh7 -~~	() https://github.com/meshtastic/firmware/security/advisories/GHSA-4hjx-54gf-2jh7 - Exploit, Third Party Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.5
CPE		cpe:2.3:o:meshtastic:meshtastic_firmware::::::::
First Time		Meshtastic meshtastic Firmware Meshtastic

15 Jul 2025, 13:14

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-11 17:15

Updated : 2025-08-22 16:01

NVD link : CVE-2024-47065

Mitre link : CVE-2024-47065

CVE.ORG link : CVE-2024-47065

JSON object : View

Products Affected

meshtastic

meshtastic_firmware

CWE

CWE-799

Improper Control of Interaction Frequency

{"id": "CVE-2024-47065", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 2.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "LOW", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "UNREPORTED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-07-11T17:15:31.167", "references": [{"url": "https://github.com/meshtastic/firmware/security/advisories/GHSA-4hjx-54gf-2jh7", "tags": ["Exploit", "Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-799"}]}], "descriptions": [{"lang": "en", "value": "Meshtastic is an open source mesh networking solution. Prior to 2.5.1, traceroute responses from the remote node are not rate limited. Given that there are SNR measurements attributed to each received transmission, this is a guaranteed way to get a remote station to reliably and continuously respond. You could easily get 100 samples in a short amount of time (estimated 2 minutes), whereas passively doing the same could take hours or days. There are secondary effects that non-ratelimited traceroute does also allow a 2:1 reflected DoS of the network as well, but these concerns are less than the problem with positional confidentiality (other DoS routes exist). This vulnerability is fixed in 2.5.1."}, {"lang": "es", "value": "Meshtastic es una soluci\u00f3n de red en malla de c\u00f3digo abierto. Antes de la versi\u00f3n 2.5.1, las respuestas de traceroute del nodo remoto no ten\u00edan l\u00edmite de velocidad. Dado que existen mediciones de relaci\u00f3n se\u00f1al/ruido (SNR) atribuidas a cada transmisi\u00f3n recibida, esta es una forma garantizada de que una estaci\u00f3n remota responda de forma fiable y continua. Se podr\u00edan obtener f\u00e1cilmente 100 muestras en poco tiempo (aproximadamente 2 minutos), mientras que hacerlo de forma pasiva podr\u00eda llevar horas o d\u00edas. Existen efectos secundarios: el traceroute sin l\u00edmite de velocidad tambi\u00e9n permite una denegaci\u00f3n de servicio reflejada 2:1 de la red, pero estos problemas son menores que el problema de la confidencialidad posicional (existen otras rutas de denegaci\u00f3n de servicio). Esta vulnerabilidad se corrigi\u00f3 en la versi\u00f3n 2.5.1."}], "lastModified": "2025-08-22T16:01:46.497", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:meshtastic:meshtastic_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E439DDC9-06DB-4E86-A0E4-4D5FF73E9870", "versionEndExcluding": "2.5.1"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}