Primary

Context

Carlson Software VASCO-B GNSS Receiver Missing Authentication for Critical Function

Vulnerability

A vulnerability exists in the Carlson VASCO-B GNSS Receiver versions prior to 1.4.0, due to the absence of an authentication mechanism. This flaw allows an attacker with network access to directly access and modify the receiver's configuration and operational functions without needing credentials. Successful exploitation could alter critical system functions or disrupt device operation.

Impact

Exploitation of this vulnerability could enable a remote attacker to alter critical system functions or disrupt device operation.

Remediation

Carlson Software recommends users update to Version 1.4.0 or greater. For more information, contact Carlson Software through their support and training page.

Added: Apr 28, 2026, 9:53 PM

Updated: Apr 28, 2026, 9:53 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.4

remediation

0.0

relevance

6.9

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.4

remediation

0.0

relevance

6.9

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Carlson Software VASCO-B GNSS Receiver Missing Authentication for Critical Function

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating