CNNVD-202506-2588 Information
CNNVD ID
CNNVD-202506-2588
Related CVE
- CNNVD Published: 2025-06-19
Description (Chinese)
Meshtastic是Meshtastic开源的一种去中心化无线离网网状网络 LoRa 协议。 Meshtastic 2.5.0至2.6.11之前版本存在安全特征问题漏洞,该漏洞源于密钥生成过程中熵不足可能导致密钥泄露。
Description (English)
Meshtastic is a decentralised wireless network LoRA protocol that is an open source of Meshtastic. The previous version of Meshtastic 2.5.0 to 2.6.11 had a security feature loophole, which stemmed from a lack of entropy during the key generation process that could lead to the release of the key.
Hazard Level
Low
Vulnerability Type
安全特征问题
Affected Vendor
Meshtastic
Published
2025-06-19
Last Modified
2026-02-24
References
https://github.com/meshtastic/firmware/commit/4bf2dd04aeeccc4ba20c79bcaad7a572aabdecad https://github.com/meshtastic/firmware/commit/55b2bbf93756fc7bbbfdbc7cbf29f88e6b637f22 https://github.com/meshtastic/firmware/commit/e5f6804421ac4b76dd31980250a505dba24c2aa6 https://github.com/meshtastic/firmware/commit/e623c70bd0c2ab9db9baf04888e19d1428310bb9 https://github.com/meshtastic/firmware/security/advisories/GHSA-gq7v-jr8c-mfr7
Patch
https://github.com/meshtastic/firmware/releases
Share on: