CVE-2026-1579

The MAVLink communication protocol does not require cryptographic authentication by default. When MAVLink 2.0 message signing is not enabled, any message -- including SERIALCONTROL, which provides interactive shell access -- can be sent by an unauthenticated party with access to the MAVLink...

CVE-2026-1579

The MAVLink communication protocol does not require cryptographic authentication by default. When MAVLink 2.0 message signing is not enabled, any message -- including SERIALCONTROL, which provides interactive shell access -- can be sent by an unauthenticated party with access to the MAVLink...

PX4-Autopilot 安全漏洞

PX4-Autopilot is an open-source drone autopilot system developed by PX4. Versions prior to PX4-Autopilot 1.17.0-rc2 contained security vulnerabilities. These vulnerabilities stemmed from logical errors in the FTP session verification of PX4 Autopilot MAVLink. As a result, unverified attackers cou...

CVE-2025-41108 Improper Authentication vulnerability in Ghost Robotics' Vision 60

The communication protocol implemented in Ghost Robotics Vision 60 v0.27.2 could allow an attacker to send commands to the robot from an external attack station, impersonating the control station tablet and gaining unauthorised full control of the robot. The absence of encryption and authenticati...

CVE-2025-41108

The CVE describes Ghost Robotics Vision 60 (v0.27.2) as vulnerable due to a lack of encryption and authentication in its MAVLink-based communication protocol. This enables an external attacker to impersonate the control station and issue arbitrary commands to the robot, potentially gaining unauth...

EUVD-2020-2736

Malware in sbrugna...

EUVD-2020-2738

Malware in sbrugna...

EUVD-2020-2737

Malware in sbrugna...

A Novel Cipher for Enhancing MAVLink Security: Design, Security Analysis, and Performance Evaluation Using a Drone Testbed

We present MAVShield, a novel lightweight cipher designed to secure communications in Unmanned Aerial Vehicles UAVs using the MAVLink protocol, which by default transmits unencrypted messages between UAVs and Ground Control Stations GCS. While existing studies propose encryption for MAVLink, most...

PT-2020-12032 · Dronecode · Mavlink

Name of the Vulnerable Software and Affected Versions: MAVLink versions prior to 2.0 Description: The issue concerns the negotiation of the MAVLink protocol version between the Ground Control Station GCS and the autopilot. An attacker can manipulate the negotiation process to force the autopilot ...

CVE-2020-10282

The Micro Air Vehicle Link MAVLink protocol presents no authentication mechanism on its version 1.0 nor authorization whichs leads to a variety of attacks including identity spoofing, unauthorized access, PITM attacks and more. According to literature, version 2.0 optionally allows for package...

CVE-2020-10281

This vulnerability applies to the Micro Air Vehicle Link MAVLink protocol and allows a remote attacker to gain access to sensitive information provided it has access to the communication medium. MAVLink is a header-based protocol that does not perform encryption to improve transfer and reception...

CVE-2020-10282

The Micro Air Vehicle Link MAVLink protocol presents no authentication mechanism on its version 1.0 nor authorization whichs leads to a variety of attacks including identity spoofing, unauthorized access, PITM attacks and more. According to literature, version 2.0 optionally allows for package...

Design/Logic Flaw

This vulnerability applies to the Micro Air Vehicle Link MAVLink protocol and allows a remote attacker to gain access to sensitive information provided it has access to the communication medium. MAVLink is a header-based protocol that does not perform encryption to improve transfer and reception...

CVE-2020-10282 RVD#3316: No authentication in MAVLink protocol

The Micro Air Vehicle Link MAVLink protocol presents no authentication mechanism on its version 1.0 nor authorization whichs leads to a variety of attacks including identity spoofing, unauthorized access, PITM attacks and more. According to literature, version 2.0 optionally allows for package...

CVE-2020-10281

Technical details about CVE-2020-10281 are not publicly provided in the connected documents; available sources summarize MAVLink plain-text transmission leakage, but no concrete affected versions, fixes, or exploitation specifics are present here. Monitor for updates.