CVE-2024-45038

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Aug 27, 2024
CWE ID 755

Summary

CVE-2024-45038 is a denial of service vulnerability affecting the Meshtastic device firmware, which is used to create decentralized mesh networks on low-power devices. The vulnerability arises from improper handling of MQTT messages, potentially leading to significant availability impact for affected devices. Users are strongly advised to upgrade to version 2.4.1 or later of the Meshtastic firmware, especially those utilizing privately hosted MQTT servers, as there are no available workarounds. This vulnerability has a high base severity score of 7.5 and an exploitability score of 3.9, indicating low complexity and no required user interaction for exploitation. Failure to apply the update could leave organizations vulnerable to service disruptions in their mesh network operations.
