DNA View

Critical Severity Vulnerability

This vulnerability has been rated as Critical severity. Immediate action is recommended.

CVE-2026-3893

Critical

Low Medium High Critical

9.4

CVSS Score

Published: Apr 28, 2026

Last Modified: Apr 28, 2026

CWE: CWE-306

Vulnerability Description

The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism,
allowing an attacker with network access to directly access and modify
its configuration and operational functions without needing credentials.

CVSS Metrics

Common Vulnerability Scoring System

Vector String:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

References & Resources

Severity Details

9.4

out of 10.0

Critical

Weakness Type (CWE)

CWE-306 Top 25 #16

Missing Authentication for Critical Function

Description: The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Exploit Likelihood: High
Typical Severity: High
OWASP Top 10: A07:2021-Identification/Auth Failures
Abstraction Level: Base