{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57061?format=json","vulnerability_id":"VCID-dd3w-ktj5-17br","summary":"The goTenna Pro ATAK Plugin does not inject extra characters into \nbroadcasted frames to obfuscate the length of messages. This makes it \npossible to tell the length of the payload regardless of the encryption \nused.","aliases":[{"alias":"CVE-2024-41715"}],"fixed_packages":[],"affected_packages":[],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-41715","reference_id":"","reference_type":"","scores":[{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.18036","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-41715"},{"reference_url":"https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05","reference_id":"icsa-24-270-05","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T18:19:18Z/"}],"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05"}],"weaknesses":[{"cwe_id":204,"name":"Observable Response Discrepancy","description":"The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere."}],"exploits":[],"severity_range_score":"4.3 - 5.3","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dd3w-ktj5-17br"}