CVE-2020-10281 HIGH

CVE-2020-10281: RVD#3315: Cleartext transmission of sensitive information in MAVLink protocol version 1.0 and 2.0

Vendor Unspecified
Product MAVLink
Weakness CWE-319 · Cleartext transmission
Published July 3, 2020
Last update September 16, 2024

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

This vulnerability applies to the Micro Air Vehicle Link (MAVLink) protocol and allows a remote attacker to gain access to sensitive information provided it has access to the communication medium. MAVLink is a header-based protocol that does not perform encryption to improve transfer (and reception speed) and efficiency by design. The increasing popularity of the protocol (used accross different autopilots) has led to its use in wired and wireless mediums through insecure communication channels exposing sensitive information to a remote attacker with ability to intercept network traffic.

Key dates

02Disclosure timeline

July 3, 2020 CVE published
September 16, 2024 Record updated