Ghost Robotics Vision 60 MAVLink Command Injection Vulnerability Allowing Unauthorized Control

Vulnerability

A vulnerability in the communication protocol of Ghost Robotics Vision 60, version 0.27.2, could enable an attacker to gain unauthorized full control of the robot by sending commands from an external attack station that impersonates the control station (tablet). The vulnerability arises from the lack of encryption and authentication in the communication protocol, which is based on MAVLink. Because of this flaw, an attacker can capture and replicate legitimate traffic between the robot and the controller and send any valid command from an attacking device. The robot can be connected to remotely via Wi-Fi or 4G/LTE.
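The missing authentication can be illustrated with the optional message signing defined by MAVLink 2, which this advisory does not say the robot uses or supports. The following is an added example, not code from the advisory or the vendor: a receiver-side filter that drops unsigned, forged and replayed frames. The function and class names, the key and the sample frames are constructed for illustration, and CRC validation is left out.

```python
import hashlib
import hmac

# Added illustration (not vendor code). Frame layout follows MAVLink 2 signing;
# the key and sample frames are constructed, and the CRC is not validated here.
MAVLINK2_STX = 0xFD
IFLAG_SIGNED = 0x01  # incompat_flags bit: frame carries a signature block
HEADER_LEN, CRC_LEN, SIG_BLOCK_LEN = 10, 2, 13


def demo_frame(signed, seq=0):
    """Constructed 9-byte-payload frame (msgid 0) with dummy CRC bytes."""
    flags = IFLAG_SIGNED if signed else 0
    header = bytes([MAVLINK2_STX, 9, flags, 0, seq, 255, 190, 0, 0, 0])
    return header + bytes(9) + b"\x00\x00"


def sign_frame(key, unsigned, link_id, timestamp):
    """Append link id, 48-bit timestamp and 48-bit truncated SHA-256 tag."""
    trailer = bytes([link_id]) + timestamp.to_bytes(6, "little")
    return unsigned + trailer + hashlib.sha256(key + unsigned + trailer).digest()[:6]


class SignedLinkFilter:
    """Receiver-side check: accept only signed, fresh frames."""

    def __init__(self, key):
        self.key = key      # 32-byte secret shared by robot and controller
        self.last_ts = {}   # (sysid, compid, link_id) -> last accepted timestamp

    def check(self, frame):
        if len(frame) < HEADER_LEN + CRC_LEN or frame[0] != MAVLINK2_STX:
            return "reject: not a MAVLink 2 frame"
        if not frame[2] & IFLAG_SIGNED:
            return "reject: unsigned"
        body_len = HEADER_LEN + frame[1] + CRC_LEN
        if len(frame) != body_len + SIG_BLOCK_LEN:
            return "reject: bad length"
        link_id = frame[body_len]
        ts = int.from_bytes(frame[body_len + 1:body_len + 7], "little")
        # Tag covers key + header + payload + CRC + link id + timestamp.
        expected = hashlib.sha256(self.key + frame[:body_len + 7]).digest()[:6]
        if not hmac.compare_digest(expected, frame[body_len + 7:]):
            return "reject: bad signature"
        stream = (frame[5], frame[6], link_id)
        if ts <= self.last_ts.get(stream, -1):
            return "reject: replayed timestamp"  # captured frame sent again
        self.last_ts[stream] = ts
        return "accept"
```

Signing authenticates frames and blocks replay; it does not encrypt them, so confidentiality still depends on the transport.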

Impact

Exploitation of this vulnerability allows for unauthorized control of the robot, potentially leading to physical damage to the robot or its environment.

Added: Oct 22, 2025, 9:17 AM
Updated: Oct 22, 2025, 9:17 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 6.2
remediation: 0.0
relevance: 0.7
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.