
meshtastic — Vulnerabilities & Security Advisories 14

Browse all 14 CVE security advisories affecting meshtastic. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Meshtastic is an open-source mesh networking platform enabling long-range communication between devices. Historically, vulnerabilities have included remote code execution, cross-site scripting, and privilege escalation issues, with 14 CVEs documented. Security concerns center on insecure default configurations and inadequate input validation in web interfaces. While no major public incidents have been widely reported, the platform's reliance on user-provided nodes and its decentralized nature present inherent security challenges. The project has gradually improved security practices, but users must remain vigilant about potential exploitation risks, particularly in internet-exposed deployments.

Top products by meshtastic: firmware, Meshtastic-Android
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-55292 | In Meshtastic, an attacker can spoof licensed amateur flag for a node | firmware | CWE-348 | 8.2 | High | 2026-01-27 |
| CVE-2025-53627 | Meshtastic firmware allows forged DMs with no PKC to show up as encrypted | firmware | CWE-1287 | 5.3 | Medium | 2025-12-29 |
| CVE-2025-55293 | Meshtastic allows crafting of specific NodeInfo packets that overwrite any publicKey saved in the NodeDB | firmware | CWE-287 | 9.4 | Critical | 2025-08-18 |
| CVE-2024-47065 | Traceroute_APP responses are not rate-limited. | firmware | CWE-799 | 5.3 (AI) | Medium (AI) | 2025-07-11 |
| CVE-2025-53637 | Meshtastic allows Command Injection in GitHub Action | firmware | CWE-78 | 4.1 | Medium | 2025-07-10 |
| CVE-2025-24798 | Meshtastic crashes via an unimplemented routing module reply | firmware | CWE-617 | 4.3 | Medium | 2025-07-10 |
| CVE-2025-52883 | Meshtastic-Android vulnerable to forged DMs with no PKC showing up as encrypted | Meshtastic-Android | CWE-1287 | 5.3 | Medium | 2025-06-24 |
| CVE-2025-52464 | Meshtastic Repeated Public and Private Keypairs | firmware | CWE-331 | 6.5 (AI) | Medium (AI) | 2025-06-19 |
| CVE-2025-24797 | Meshtastic incorrectly hands malformed packets leads to controlled buffer overflow | firmware | CWE-119 | 9.4 | Critical | 2025-04-14 |
| CVE-2025-21608 | Forged packets over MQTT can show up in direct messages in Meshtastic firmware | firmware | CWE-668 | 5.3 | - | 2025-02-18 |
| CVE-2024-51500 | Failure to check for packets from the broadcast address allows potential DDoS amplification attack in Meshtastic firmware | firmware | CWE-138 | 5.3 | Medium | 2024-11-04 |
| CVE-2024-47079 | Unauthorized usage of remote hardware module because of missing channel verification | firmware | CWE-345 | 6.4 | Medium | 2024-10-07 |
| CVE-2024-47078 | Meshtastic firmware Authentication/Authorization Bypass via MQTT | firmware | CWE-287 | 8.1 | High | 2024-09-25 |
| CVE-2024-45038 | Device crash via malformed MQTT packet when downlink is enabled in Meshtastic device firmware | firmware | CWE-755 | 7.5 | High | 2024-08-27 |

This page lists every published CVE security advisory associated with meshtastic. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.