Details of VAR-202007-0164

ID

VAR-202007-0164

CVE

CVE-2020-10281

TITLE

Micro Air Vehicle Link Vulnerability in lack of encryption of critical data in protocol

Trust: 0.8

sources: JVNDB: JVNDB-2020-007647

DESCRIPTION

This vulnerability applies to the Micro Air Vehicle Link (MAVLink) protocol and allows a remote attacker to gain access to sensitive information provided it has access to the communication medium. MAVLink is a header-based protocol that does not perform encryption to improve transfer (and reception speed) and efficiency by design. The increasing popularity of the protocol (used accross different autopilots) has led to its use in wired and wireless mediums through insecure communication channels exposing sensitive information to a remote attacker with ability to intercept network traffic

Trust: 1.71

sources: NVD: CVE-2020-10281 // JVNDB: JVNDB-2020-007647 // VULMON: CVE-2020-10281

IOT TAXONOMY

category:

['vehicle device']

sub_category:

drone

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:	dronecode	model:	micro air vehicle link	scope:	eq	version:	-	Trust: 1.0
vendor:	dronecode	model:	micro air vehicle link protocol	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-007647 // NVD: CVE-2020-10281

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-10281
value:	HIGH
Trust: 1.0
cve@aliasrobotics.com:	CVE-2020-10281
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2020-007647
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202007-226
value:	HIGH
Trust: 0.6
VULMON:	CVE-2020-10281
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-10281
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2020-007647
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8

nvd@nist.gov:	CVE-2020-10281
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
cve@aliasrobotics.com:	CVE-2020-10281
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.0
NVD:	JVNDB-2020-007647
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2020-10281 // JVNDB: JVNDB-2020-007647 // CNNVD: CNNVD-202007-226 // NVD: CVE-2020-10281 // NVD: CVE-2020-10281

PROBLEMTYPE DATA

problemtype:	CWE-319	Trust: 1.0
problemtype:	CWE-311	Trust: 0.8

sources: JVNDB: JVNDB-2020-007647 // NVD: CVE-2020-10281

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-226

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202007-226

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-007647

PATCH

title:

Community

url:

https://docs.google.com/document/d/1XtbD0ORNkhZ8eKrsbSIZNLyg9sFRXMXbsR2mp37KbIg/edit

Trust: 0.8

sources: JVNDB: JVNDB-2020-007647

EXTERNAL IDS

db:	NVD	id:	CVE-2020-10281	Trust: 2.6
db:	JVNDB	id:	JVNDB-2020-007647	Trust: 0.8
db:	CNNVD	id:	CNNVD-202007-226	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1
db:	VULMON	id:	CVE-2020-10281	Trust: 0.1

sources: OTHER: None // VULMON: CVE-2020-10281 // JVNDB: JVNDB-2020-007647 // CNNVD: CNNVD-202007-226 // NVD: CVE-2020-10281

REFERENCES

url:	https://docs.google.com/document/d/1xtbd0ornkhz8ekrsbsiznlyg9sfrxmxbsr2mp37kbig/edit	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10281	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10281	Trust: 0.8
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/311.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: OTHER: None // VULMON: CVE-2020-10281 // JVNDB: JVNDB-2020-007647 // CNNVD: CNNVD-202007-226 // NVD: CVE-2020-10281

SOURCES

db:	OTHER	id:	-
db:	VULMON	id:	CVE-2020-10281
db:	JVNDB	id:	JVNDB-2020-007647
db:	CNNVD	id:	CNNVD-202007-226
db:	NVD	id:	CVE-2020-10281

LAST UPDATE DATE

2025-01-30T21:16:46.407000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2020-10281	date:	2020-07-13T00:00:00
db:	JVNDB	id:	JVNDB-2020-007647	date:	2020-08-19T00:00:00
db:	CNNVD	id:	CNNVD-202007-226	date:	2021-12-22T00:00:00
db:	NVD	id:	CVE-2020-10281	date:	2024-11-21T04:55:07.917

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2020-10281	date:	2020-07-03T00:00:00
db:	JVNDB	id:	JVNDB-2020-007647	date:	2020-08-19T00:00:00
db:	CNNVD	id:	CNNVD-202007-226	date:	2020-07-03T00:00:00
db:	NVD	id:	CVE-2020-10281	date:	2020-07-03T15:15:09.777