{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T07:21:46.894","vulnerabilities":[{"cve":{"id":"CVE-2020-10283","sourceIdentifier":"cve@aliasrobotics.com","published":"2020-08-20T09:15:11.140","lastModified":"2024-11-21T04:55:08.170","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Micro Air Vehicle Link (MAVLink) protocol presents authentication mechanisms on its version 2.0 however according to its documentation, in order to maintain backwards compatibility, GCS and autopilot negotiate the version via the AUTOPILOT_VERSION message. Since this negotiation depends on the answer, an attacker may craft packages in a way that hints the autopilot to adopt version 1.0 of MAVLink for the communication. Given the lack of authentication capabilities in such version of MAVLink (refer to CVE-2020-10282), attackers may use this method to bypass authentication capabilities and interact with the autopilot directly."},{"lang":"es","value":"El protocolo Micro Air Vehicle Link (MAVLink) presenta mecanismos de autenticación en su versión 2.0, sin embargo, de acuerdo con su documentación, para mantener la compatibilidad con versiones anteriores, GCS y autopilot negocian la versión por medio del mensaje AUTOPILOT_VERSION. Dado que esta negociación depende de la respuesta, un atacante puede diseñar paquetes de una manera que sugiera al autopilot que adopte la versión 1.0 de MAVLink para la comunicación. Dada la falta de capacidades de autenticación en dicha versión de MAVLink (refierase a CVE-2020-10282), los atacantes pueden usar este método para omitir las capacidades de autenticación e interactuar con el piloto automático directamente."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV30":[{"source":"cve@aliasrobotics.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cve@aliasrobotics.com","type":"Secondary","description":[{"lang":"en","value":"CWE-288"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dronecode:micro_air_vehicle_link:1.0.0:*:*:*:*:*:*:*","matchCriteriaId":"F56CC677-E829-48A5-B01B-9B33F13C084B"}]}]}],"references":[{"url":"https://github.com/aliasrobotics/RVD/issues/3316","source":"cve@aliasrobotics.com","tags":["Exploit","Issue Tracking","Third Party Advisory"]},{"url":"https://github.com/aliasrobotics/RVD/issues/3316","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking","Third Party Advisory"]}]}}]}