PT-2020-12031 · Mavlink · Mavlink

Published: 2020-07-03 · Updated: 2020-10-23 · CVE-2020-10282

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

MAVLink version 1.0

Description

The Micro Air Vehicle Link (MAVLink) protocol lacks an authentication mechanism in version 1.0, leading to potential attacks such as identity spoofing, unauthorized access, and PITM attacks. Version 2.0 optionally allows for packet signing, which mitigates this issue. However, the authentication system in version 2.0 is based on HMAC and requires the use of the same symmetric key in all devices on the network. If a device and its symmetric key are compromised, the entire authentication system may be unreliable.

Recommendations

For MAVLink version 1.0, consider upgrading to version 2.0 to use the optional packet signing feature, which can help mitigate the lack of authentication. For MAVLink version 2.0, ensure that the same symmetric key is used in all devices on the network to maintain the reliability of the authentication system. As a temporary workaround, restrict access to the network to minimize the risk of exploitation.
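To check whether a link still carries traffic without authentication, frames can be classified by protocol version and signing flag. The following is an added example, not part of the original advisory or the MAVLink project's code: it uses the public MAVLink framing constants (start bytes 0xFE and 0xFD, signed bit 0x01 in `incompat_flags`), runs on constructed sample bytes, and does not validate checksums or signatures.

```python
# Added example: count MAVLink frames per authentication class in a capture.
# Limitation: frames are delimited by the length field only; CRC and the
# signature itself are not verified, so noise can be miscounted as a frame.

V1_STX, V2_STX = 0xFE, 0xFD          # start-of-frame markers for v1 / v2
IFLAG_SIGNED = 0x01                  # "signed" bit in the v2 incompat_flags byte
V1_HDR, V2_HDR, CRC_LEN, SIG_LEN = 6, 10, 2, 13


def classify_frames(stream: bytes) -> dict:
    """Walk a byte stream and count v1, v2-unsigned and v2-signed frames."""
    counts = {"v1_no_auth": 0, "v2_unsigned": 0, "v2_signed": 0, "skipped_bytes": 0}
    i = 0
    while i < len(stream):
        stx = stream[i]
        if stx == V1_STX and i + 1 < len(stream):
            size = V1_HDR + stream[i + 1] + CRC_LEN
            kind = "v1_no_auth"      # v1 has no field that could carry a signature
        elif stx == V2_STX and i + 2 < len(stream):
            signed = bool(stream[i + 2] & IFLAG_SIGNED)
            size = V2_HDR + stream[i + 1] + CRC_LEN + (SIG_LEN if signed else 0)
            kind = "v2_signed" if signed else "v2_unsigned"
        else:
            counts["skipped_bytes"] += 1   # not a frame start: resynchronise
            i += 1
            continue
        if i + size > len(stream):         # truncated frame at end of capture
            counts["skipped_bytes"] += len(stream) - i
            break
        counts[kind] += 1
        i += size
    return counts


def sample_capture() -> bytes:
    """Constructed frames (dummy payloads and checksums), one stray byte between."""
    v1 = bytes([0xFE, 2, 0, 1, 1, 0]) + b"\x00\x00" + b"\xAA\xBB"
    v2 = bytes([0xFD, 1, 0x00, 0, 0, 1, 1, 0, 0, 0]) + b"\x00" + b"\xAA\xBB"
    v2s = bytes([0xFD, 1, 0x01, 0, 1, 1, 1, 0, 0, 0]) + b"\x00" + b"\xAA\xBB" + bytes(13)
    return v1 + b"\x00" + v2 + v2s


if __name__ == "__main__":
    print(classify_frames(sample_capture()))
```

Any non-zero `v1_no_auth` or `v2_unsigned` count means the link still accepts frames that carry no signature.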

Fix

Missing Authentication


Weakness Enumeration

Related Identifiers

CVE-2020-10282

Affected Products

Mavlink