
Meshtastic is an open source mesh networking solution. In the current Meshtastic architecture, a Node is identified by their NodeID, generated from the MAC addr…

Published:

27 January 2026 at 23:00:00

Alert date:

28 January 2026 at 01:03:02

Source:

nvd.nist.gov

Mobile & IoT, Network Infrastructure

A vulnerability in the Meshtastic open source mesh networking solution allows attackers to forge NodeInfo on behalf of victim nodes by abusing HAM mode, which does not use encryption. Nodes are identified by a NodeID generated from the MAC address rather than from the public key, which creates a security weakness. Attackers can overwrite NodeDB entries and force other nodes to communicate with victims using shared channel keys instead of public key cryptography. The attack can be made persistent by regularly resending forged NodeInfo messages. A patch is available in version 2.7.6.834c3c5.
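A small model of the weakness described above, next to a trust-on-first-use key pin that resists it. This is an added example, not Meshtastic's code and not a description of how the 2.7.6 patch works; the `NodeInfo` and `NodeDB` classes, their fields, and the sample NodeID and key are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class NodeInfo:                      # hypothetical model, not the real protobuf
    node_id: int                     # derived from the MAC address, so unauthenticated
    long_name: str
    public_key: Optional[bytes]      # None models a keyless, unencrypted announcement

@dataclass
class NodeDB:
    entries: dict = field(default_factory=dict)
    rejected: list = field(default_factory=list)

    def update_naive(self, info):
        """Weak behaviour: the latest NodeInfo for a NodeID always wins."""
        self.entries[info.node_id] = info
        return True

    def update_pinned(self, info):
        """Trust on first use: a NodeID that announced a key stays bound to it."""
        known = self.entries.get(info.node_id)
        if known and known.public_key is not None and info.public_key != known.public_key:
            self.rejected.append(info)   # key dropped or swapped: keep entry, log it
            return False
        self.entries[info.node_id] = info
        return True

    def uses_pki(self, node_id):
        """True if messages to node_id can still use public key cryptography."""
        entry = self.entries.get(node_id)
        return entry is not None and entry.public_key is not None

# Constructed sample data (not captured traffic).
VICTIM = NodeInfo(0x1A2B3C4D, "victim", b"\x11" * 32)
FORGED = NodeInfo(0x1A2B3C4D, "victim", None)    # same NodeID, no key

def demo():
    naive, pinned = NodeDB(), NodeDB()
    for update in (naive.update_naive, pinned.update_pinned):
        update(VICTIM)
        update(FORGED)
        update(FORGED)               # repeated, as in the persistent variant
    return (naive.uses_pki(VICTIM.node_id),
            pinned.uses_pki(VICTIM.node_id),
            len(pinned.rejected))

if __name__ == "__main__":
    print(demo())
```

The `rejected` list doubles as a detection signal: repeated keyless or re-keyed NodeInfo for a NodeID that already has a pinned key is worth alerting on.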

Technical details

Affected products:

Meshtastic

This article was created with the assistance of AI technology by Perceptive.
