U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database

Vulnerability Change Records for CVE-2024-43814

Change History

CVE Modified by ICS-CERT 10/17/2024 2:15:04 PM

Action Type Old Value New Value
Changed Description 
goTenna Pro ATAK Plugin by default enables frequent unencrypted 
Position, Location and Information (PLI) transmission. This transmission
 is done without user's knowledge, revealing the exact location 
transmitted in unencrypted form.
 
The goTenna Pro ATAK Plugin's default settings are to share Automatic 
Position, Location, and Information (PLI) updates every 60 seconds once 
the plugin is active and goTenna is connected. Users that are unaware of
 their settings and have not activated encryption before a mission may 
accidentally broadcast their location unencrypted. It is advised to 
verify PLI settings are the desired rate and activate encryption prior 
to mission. Update to the latest Plugin to disable this default setting.