CVE Catalog

CVE-2026-3893

CriticalCVSS 9.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.37%

29th percentile — higher than 29% of all known CVEs

Summary

The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism, allowing an attacker with network access to directly access and modify its configuration and operational functions without needing credentials.

Risk Assessment

The lack of authentication poses a significant risk to organizations, enabling attackers to manipulate critical device settings, potentially leading to disruptions in GNSS-based systems.

Recommendation

It is recommended to implement authentication mechanisms and restrict access to the GNSS receiver to authorized users only.

Original NVD description (English source)

The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism, allowing an attacker with network access to directly access and modify its configuration and operational functions without needing credentials.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS