How severe is CVE-2024-51500?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2024-51500?

This is classified as CWE-138, which is a common weakness in software security.

CVE-2024-51500 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

Meshtastic firmware is a device firmware for the Meshtastic project. The Meshtastic firmware does not check for packets claiming to be from the special broadcast address (0xFFFFFFFF) which could result in unexpected behavior and potential for DDoS attacks on the network. A malicious actor could craft a packet to be from that address which would result in an amplification of this one message into every node on the network sending multiple messages. Such an attack could result in degraded network performance for all users as the available bandwidth is consumed. This issue has been addressed in release version 2.5.6. All users are advised to upgrade. There are no known workarounds for this vulnerability.

Related Vulnerabilities

CVE-2023-22288

MEDIUM

CVSS:5.4(Medium)

HTML Email Injection in Tribe29 Checkmk <=2.1.0p23; <=2.0.0p34, and all versions of Checkmk 1.6.0 allows an authenticated attacker to inject malicious HTML into Emails

CWE-1382023

CVE-2022-0024

HIGH

CVSS:7.2(High)

A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated network-based PAN-OS administrator to upload a specifically created configuration that disrupts system proces...

CWE-1382022

CVE-2016-0750

HIGH

CVSS:8.8(High)

The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-craft...

CWE-1382016

CVE-2023-42117

HIGH

CVSS:8.1(High)

Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentica...

CWE-1382023

CVE-2022-2429

HIGH

CVSS:8.0(High)

The Ultimate SMS Notifications for WooCommerce plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.4.1 via the 'Export Utility' functionality. This makes it possibl...

CWE-1382022

CVE-2024-38133

HIGH

CVSS:7.8(High)

Windows Kernel Elevation of Privilege Vulnerability

CWE-1382024