AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2020-3681: Authenticated and encrypted payload MMEs can be forged and remotely sent to any HPAV2 system using a jailbreak key recov

criticalvulnerability

security

Source: NVD/CVE DatabaseJuly 31, 2020CVE-2020-3681

Summary

CVE-2020-3681 is a vulnerability in HPAV2 systems where attackers can create fake authenticated and encrypted messages (MMEs, or multimedia messages) and send them remotely by extracting a secret key (jailbreak key) from the system's code. This happens because the system uses a broken or risky cryptographic algorithm (a weak method for encoding data securely).

Vulnerability Details

CVSS Score

9.8(critical)

EPSS (30-day exploit probability)

EPSS: 0.4%

Classification

Attack SophisticationModerate

Taxonomy References

CWE (Weakness Type)

CWE-327

CAPEC (Attack Pattern)

CAPEC-20

Original source: https://nvd.nist.gov/vuln/detail/CVE-2020-3681

First tracked: February 15, 2026 at 08:52 PM

Classified by LLM (prompt v3) · confidence: 95%