PX4 Autopilot Remote Code Execution: Unauthenticated MAVLink Command Injection
PX4 Autopilot v1.16.0 contains an authentication bypass in the MAVLink interface allowing unauthenticated attackers to execute arbitrary shell commands. This affects unmanned aerial systems and robotics platforms relying on PX4.
CVE References
Affected
The vulnerability represents a complete authentication failure in a critical control interface. The MAVLink protocol, the standard telemetry and command channel for PX4-based systems, lacks cryptographic verification for command execution. An attacker with network access to the MAVLink interface can inject arbitrary shell commands without providing credentials or authentication tokens, achieving immediate remote code execution with the privileges of the autopilot process.
This is particularly severe because MAVLink is designed as the primary communication channel between ground control stations and autopilot hardware. Many deployments expose this interface across networked connections, assuming physical isolation or trusting the network perimeter. The CVSS v3 score of 9.8 reflects the ease of exploitation (network accessible, no user interaction required, no privileges needed), combined with complete loss of confidentiality, integrity, and availability. The vulnerability affects both simulation variants and likely production autopilot builds.
Affected operators include commercial drone operators, agricultural UAV fleet managers, autonomous vehicle platforms, and research institutions using PX4. Any system running the affected version becomes a potential pivot point for lateral movement in networked robotics environments or a direct attack surface if exposed to untrusted networks. The lack of authentication also means attack attribution becomes difficult, as command sources are indistinguishable.
Immediate mitigation requires upgrading to a patched version and implementing network segmentation to restrict MAVLink interface access. Organisations unable to patch immediately should enforce strict firewall rules limiting MAVLink port access (typically UDP 14550 or 14551) to known operator addresses only. System administrators should audit their deployments to identify internet-exposed PX4 instances and review flight logs for evidence of unauthorised command injection. Defenders should monitor MAVLink traffic for anomalous commands originating from unexpected sources.
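The monitoring step above can be prototyped as a per-datagram triage of MAVLink traffic; this is an added example, not code from the advisory or from PX4. The allowlist network, alert names and sample-frame helper are assumptions, and the check only looks for the presence of a MAVLink 2 signature, not its validity.

```python
import ipaddress
import struct

# Assumed site policy (hypothetical network): ground stations allowed to send MAVLink.
ALLOWED_SOURCES = [ipaddress.ip_network("10.20.0.0/28")]
COMMAND_MSG_IDS = {75: "COMMAND_INT", 76: "COMMAND_LONG"}  # MAVLink common dialect
IFLAG_SIGNED = 0x01  # MAVLink 2 incompat_flags bit: frame carries a 13-byte signature


def parse_header(datagram: bytes):
    """Return (version, sysid, compid, msgid, signed), or None if not a whole frame.
    The checksum is not verified here (that needs the per-message CRC_EXTRA)."""
    if len(datagram) >= 12 and datagram[0] == 0xFD:  # MAVLink 2
        length, incompat, _compat, _seq, sysid, compid = struct.unpack_from("<6B", datagram, 1)
        msgid = int.from_bytes(datagram[7:10], "little")
        signed = bool(incompat & IFLAG_SIGNED)
        if len(datagram) < 10 + length + 2 + (13 if signed else 0):
            return None
        return 2, sysid, compid, msgid, signed
    if len(datagram) >= 8 and datagram[0] == 0xFE:  # MAVLink 1 has no signing
        length, _seq, sysid, compid, msgid = struct.unpack_from("<5B", datagram, 1)
        if len(datagram) < 6 + length + 2:
            return None
        return 1, sysid, compid, msgid, False
    return None


def triage(src_ip: str, datagram: bytes):
    """Return alert tags for one UDP datagram addressed to the autopilot."""
    hdr = parse_header(datagram)
    if hdr is None:
        return []
    _version, _sysid, _compid, msgid, signed = hdr
    alerts = []
    if not any(ipaddress.ip_address(src_ip) in net for net in ALLOWED_SOURCES):
        alerts.append("unexpected-source")
    if msgid in COMMAND_MSG_IDS and not signed:
        alerts.append("unsigned-" + COMMAND_MSG_IDS[msgid])
    return alerts


def sample_frame(msgid: int, payload: bytes = b"", signed: bool = False) -> bytes:
    """Constructed MAVLink 2 test frame; checksum and signature are zero filler."""
    head = bytes([0xFD, len(payload), IFLAG_SIGNED if signed else 0, 0, 0, 255, 190])
    tail = b"\x00\x00" + (b"\x00" * 13 if signed else b"")
    return head + msgid.to_bytes(3, "little") + payload + tail
```

Feed it the source address and payload of each datagram seen on the MAVLink ports from a capture or mirror port; an "unexpected-source" tag means the firewall allowlist is not being enforced where the capture was taken.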
This vulnerability highlights a recurring pattern in robotics and industrial automation: control protocols designed during earlier eras of computing often assume network trust rather than implementing cryptographic command verification. The fact that a major autopilot platform shipped without authentication on critical command channels suggests insufficient security review processes for open-source projects serving safety-critical applications. Future development should mandate mutual authentication for all remote command interfaces and cryptographic signing of critical operations.
Sources