How severe is CVE-2020-10283?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2020-10283?

This is classified as CWE-288, which is a common weakness in software security.

CVE-2020-10283

HIGH Year: 2020

CVSS v3 Score

8.1

High

CVSS v2 Score

7.5

High

Weakness Type

CWE-288

View all →

Vulnerability Description

The Micro Air Vehicle Link (MAVLink) protocol presents authentication mechanisms on its version 2.0 however according to its documentation, in order to maintain backwards compatibility, GCS and autopilot negotiate the version via the AUTOPILOT_VERSION message. Since this negotiation depends on the answer, an attacker may craft packages in a way that hints the autopilot to adopt version 1.0 of MAVLink for the communication. Given the lack of authentication capabilities in such version of MAVLink (refer to CVE-2020-10282), attackers may use this method to bypass authentication capabilities and interact with the autopilot directly.

CVE-2019-3758

HIGH

CVSS:8.1(High)

RSA Archer, versions prior to 6.6 P2 (6.6.0.2), contain an improper authentication vulnerability. The vulnerability allows sysadmins to create user accounts with insufficient credentials. Unauthentica...

CWE-2882019

CVE-2022-23724

HIGH

CVSS:8.1(High)

Use of static encryption key material allows forging an authentication token to other users within a tenant organization. MFA may be bypassed by redirecting an authentication flow to a target user. To...

CWE-2882022

CVE-2024-11178

HIGH

CVSS:8.1(High)

The Login With OTP plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.4.2. This is due to the plugin generating too weak OTP, and there’s no attempt or tim...

CWE-2882024

CVE-2024-7628

HIGH

CVSS:8.1(High)

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 4.15.2. This is due to the use of loose com...

CWE-2882024

CVE-2024-9861

HIGH

CVSS:8.1(High)

The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.6.0. This is due to missing validation on the token being ...

CWE-2882024

CVE-2025-0749

HIGH

CVSS:8.1(High)

The Homey theme for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.4.3. This is due to the 'verification_id' value being set to empty, and the not empty check is ...

CWE-2882025

CVE-2020-10283

Vulnerability Description

Related Vulnerabilities

CVE-2019-3758

CVE-2022-23724

CVE-2024-11178

CVE-2024-7628

CVE-2024-9861

CVE-2025-0749