CRITICALCVE-2026-3893Published 2026-04-28Modified 2026-04-29CNA icscert

CVE-2026-3893: Carlson Software VASCO-B GNSS Receiver Missing Authentication for Critical Function

The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism, allowing an attacker with network access to directly access and modify its configuration and operational functions without needing credentials.

CVSS v3.1: 9.4
Severity: CRITICAL
Fixed in: 1.4.0
Affected Products: 1

Fix available

1.4.0

Affected packages

Carlson Software / VASCO-B GNSS Receiver
< 1.4.0 (from 0)
Fixed in 1.4.0

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

References

carlsonsw.com
cve.org
github.com

Metrics

Fix available