In the goTenna Pro ATAK Plugin there is a vulnerability that makes it 
possible to inject any custom message with any GID and Callsign using a 
software defined radio in existing gotenna mesh networks. This 
vulnerability can be exploited if the device is being used in a 
unencrypted environment or if the cryptography has already been 
compromised.

In the goTenna Pro ATAK Plugin there is a vulnerability that makes it 
possible to inject any custom message with any GID and Callsign using a 
software defined radio in existing goTenna mesh networks. This 
vulnerability can be exploited if the device is being used in an 
unencrypted environment or if the cryptography has already been 
compromised. It is advised to use encryption shared with local QR code 
for higher security operations.

OR
     *cpe:2.3:a:gotenna:gotenna:*:*:*:*:*:atak:*:* versions up to (excluding) 2.0.7

NIST AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

NIST NVD-CWE-Other

https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05 No Types Assigned

https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05 Third Party Advisory, US Government Resource

ICS-CERT AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

ICS-CERT CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

ICS-CERT CWE-1390

In the goTenna Pro ATAK Plugin there is a vulnerability that makes it 
possible to inject any custom message with any GID and Callsign using a 
software defined radio in existing gotenna mesh networks. This 
vulnerability can be exploited if the device is being used in a 
unencrypted environment or if the cryptography has already been 
compromised.

ICS-CERT https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05 [No types assigned]