CVE-2026-3893
Carlson · VASCO-B GNSS Receiver
The Carlson VASCO-B GNSS Receiver lacks authentication, allowing unauthenticated attackers to modify configurations and operational functions.
Executive summary
A critical authentication bypass vulnerability in the Carlson VASCO-B GNSS Receiver allows unauthenticated attackers to fully control the device.
Vulnerability
This is an authentication bypass vulnerability due to a complete lack of an authentication mechanism. An attacker with network access can directly interface with the device to modify its operational functions and configuration.
Business impact
The CVSS score of 9.4 highlights the critical risk of this vulnerability. An attacker could tamper with critical GNSS data, leading to operational disruption, safety risks in navigation, or unauthorized control over the receiver's output.
Remediation
Immediate Action: Apply the latest firmware update provided by Carlson to enable authentication mechanisms.
Proactive Monitoring: Monitor network access logs for connections to the receiver from unauthorized IP addresses.
Compensating Controls: Isolate the GNSS receiver on a dedicated, non-routable management network to prevent unauthorized access.
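One way to implement the proactive monitoring step, given here as an added example that is not part of the advisory or any vendor tooling. It flags logged connections to the receiver whose source lies outside an allowlisted management subnet. The receiver address, subnet, log format and sample lines are constructed assumptions.

```python
import ipaddress

# Assumed values for illustration; replace with your own addressing plan.
RECEIVER_IP = ipaddress.ip_address("10.20.30.40")          # hypothetical receiver address
ALLOWED_SOURCES = [ipaddress.ip_network("10.20.30.0/28")]  # hypothetical management subnet

# Constructed sample lines in an assumed "timestamp key=value ..." firewall log format.
SAMPLE_LOG = """\
2026-01-10T08:01:12Z src=10.20.30.5 dst=10.20.30.40 dport=80 action=allow
2026-01-10T08:03:47Z src=192.168.7.23 dst=10.20.30.40 dport=80 action=allow
2026-01-10T08:04:02Z src=10.20.30.5 dst=10.20.30.41 dport=22 action=allow
2026-01-10T08:05:30Z src=not-an-ip dst=10.20.30.40 dport=80 action=allow
2026-01-10T08:06:11Z src=10.20.31.9 dst=10.20.30.40 dport=8080 action=deny
truncated line without fields
"""

def parse_line(line):
    """Return (timestamp, fields) or None when src/dst fields are missing."""
    parts = line.split()
    fields = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
    if not parts or not {"src", "dst"} <= fields.keys():
        return None
    return parts[0], fields

def unauthorized_connections(log_text, receiver=RECEIVER_IP, allowed=ALLOWED_SOURCES):
    """Return (findings, unparsed) for connections to the receiver from non-allowlisted sources."""
    findings, unparsed = [], []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        parsed = parse_line(line)
        if parsed is None:
            unparsed.append(line)
            continue
        ts, f = parsed
        try:
            src, dst = ipaddress.ip_address(f["src"]), ipaddress.ip_address(f["dst"])
        except ValueError:
            unparsed.append(line)  # keep malformed records for review instead of dropping them
            continue
        # Denied attempts are reported too: they still show someone reaching for the device.
        if dst == receiver and not any(src in net for net in allowed):
            findings.append({"time": ts, "src": str(src),
                             "dport": f.get("dport"), "action": f.get("action")})
    return findings, unparsed

if __name__ == "__main__":
    hits, bad = unauthorized_connections(SAMPLE_LOG)
    for h in hits:
        print("ALERT", h)
    print(f"{len(bad)} unparsed line(s) need manual review")
```

An `allow` finding means the isolation described under Compensating Controls is not in effect for that path, since the device itself performs no authentication.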
Exploitation status
Public Exploit Available: No
Analyst recommendation
Given the critical nature of the vulnerability, it is imperative to secure the device by applying the vendor-provided patch. If patching is delayed, immediate network isolation of the device is required to mitigate the risk of unauthorized access.