RVD#3315: Cleartext transmission of sensitive information in MAVLink protocol version 1.0 and 2.0
CVE-2020-10281

7.5HIGH

Key Information:

Vendor: Unspecified
Status: Mavlink
Vendor: CVE Published:; 3 July 2020

🔔 Create Unspecified Vulnerability Alert

What is CVE-2020-10281?

This vulnerability applies to the Micro Air Vehicle Link (MAVLink) protocol and allows a remote attacker to gain access to sensitive information provided it has access to the communication medium. MAVLink is a header-based protocol that does not perform encryption to improve transfer (and reception speed) and efficiency by design. The increasing popularity of the protocol (used accross different autopilots) has led to its use in wired and wireless mediums through insecure communication channels exposing sensitive information to a remote attacker with ability to intercept network traffic.

Affected Version(s)

MAVLink v2.0 and before

References

https://docs.google.com/document/d/1XtbD0ORNkhZ8eKrsbSIZN...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 3, 2020
Vulnerability Reserved
Mar 10, 2020

Credit

None