#Meshtastic full disclose 0-day, based.
After sending a packet claiming an empty pubkey of a known node, a second packet can set the pubkey to an arbitrary (attacker-controlled) value.
#Meshtastic full disclose 0-day, based.
After sending a packet claiming an empty pubkey of a known node, a second packet can set the pubkey to an arbitrary (attacker-controlled) value.
The one good thing about a bug such as this is that a lot of people keep their nodes off of the internet, and so there's less exploit surface. But I'm definitely glad it's been fixed.
