CVE-2024-47065

Meshtastic is an open source mesh networking solution. Prior to 2.5.1, traceroute responses from the remote node are not rate limited. Given that there are SNR measurements attributed to each received transmission, this is a guaranteed way to get a remote station to reliably and continuously respond. You could easily get 100 samples in a short amount of time (estimated 2 minutes), whereas passively doing the same could take hours or days. There are secondary effects that non-ratelimited traceroute does also allow a 2:1 reflected DoS of the network as well, but these concerns are less than the problem with positional confidentiality (other DoS routes exist). This vulnerability is fixed in 2.5.1.

CVSS

No CVSS.

References

Link	Resource
https://github.com/meshtastic/firmware/security/advisories/GHSA-4hjx-54gf-2jh7

Configurations

No configuration.

History

15 Jul 2025, 13:14

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-11 17:15

Updated : 2025-07-15 13:14

NVD link : CVE-2024-47065

Mitre link : CVE-2024-47065

CVE.ORG link : CVE-2024-47065

JSON object : View

Products Affected

No product.

CWE

CWE-799

Improper Control of Interaction Frequency

{"id": "CVE-2024-47065", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 2.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "LOW", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "UNREPORTED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-07-11T17:15:31.167", "references": [{"url": "https://github.com/meshtastic/firmware/security/advisories/GHSA-4hjx-54gf-2jh7", "source": "security-advisories@github.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-799"}]}], "descriptions": [{"lang": "en", "value": "Meshtastic is an open source mesh networking solution. Prior to 2.5.1, traceroute responses from the remote node are not rate limited. Given that there are SNR measurements attributed to each received transmission, this is a guaranteed way to get a remote station to reliably and continuously respond. You could easily get 100 samples in a short amount of time (estimated 2 minutes), whereas passively doing the same could take hours or days. There are secondary effects that non-ratelimited traceroute does also allow a 2:1 reflected DoS of the network as well, but these concerns are less than the problem with positional confidentiality (other DoS routes exist). This vulnerability is fixed in 2.5.1."}, {"lang": "es", "value": "Meshtastic es una soluci\u00f3n de red en malla de c\u00f3digo abierto. Antes de la versi\u00f3n 2.5.1, las respuestas de traceroute del nodo remoto no ten\u00edan l\u00edmite de velocidad. Dado que existen mediciones de relaci\u00f3n se\u00f1al/ruido (SNR) atribuidas a cada transmisi\u00f3n recibida, esta es una forma garantizada de que una estaci\u00f3n remota responda de forma fiable y continua. Se podr\u00edan obtener f\u00e1cilmente 100 muestras en poco tiempo (aproximadamente 2 minutos), mientras que hacerlo de forma pasiva podr\u00eda llevar horas o d\u00edas. Existen efectos secundarios: el traceroute sin l\u00edmite de velocidad tambi\u00e9n permite una denegaci\u00f3n de servicio reflejada 2:1 de la red, pero estos problemas son menores que el problema de la confidencialidad posicional (existen otras rutas de denegaci\u00f3n de servicio). Esta vulnerabilidad se corrigi\u00f3 en la versi\u00f3n 2.5.1."}], "lastModified": "2025-07-15T13:14:49.980", "sourceIdentifier": "security-advisories@github.com"}