CVE-2020-10283

Name of the Vulnerable Software and Affected Versions MAVLink versions prior to 2.0

Description The issue concerns the negotiation of the MAVLink protocol version between the Ground Control Station (GCS) and the autopilot. An attacker can manipulate the negotiation process to force the autopilot to use version 1.0 of the protocol, which lacks authentication capabilities. This allows attackers to bypass authentication and directly interact with the autopilot.

Recommendations For MAVLink versions prior to 2.0, consider disabling the AUTOPILOT VERSION message negotiation until a patch is available, and restrict access to the autopilot to minimize the risk of exploitation.