CVE-2023-6951
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Summary
A Use of Weak Credentials vulnerability affecting the Wi-Fi network generated by a set of DJI drones could allow a remote attacker to derive the WPA2 PSK key and authenticate without permission to the drone’s Wi- Fi network. This, in turn, allows the attacker to perform unauthorized interaction with the network services exposed by the drone and to potentially decrypt the Wi-Fi traffic exchanged between the drone and the Android/IOS device of the legitimate user during QuickTransfer mode. Affected models are Mavic 3 Pro until v01.01.0300, Mavic 3 until v01.00.1200, Mavic 3 Classic until v01.00.0500, Mavic 3 Enterprise until v07.01.10.03, Matrice 300 until v57.00.01.00, Matrice M30 until v07.01.0022 and Mini 3 Pro until v01.00.0620.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| DJI | Mavic 3 Pro | 0 < 01.01.0300 | affected |
| DJI | Mavic 3 | 0 < 01.00.1200 | affected |
| DJI | Mavic 3 Classic | 0 < 01.00.0500 | affected |
| DJI | Mavic 3 Enterprise | 0 < 7.01.10.03 | affected |
| DJI | Matrice 300 | 0 < 57.00.01.00 | affected |
| DJI | Matrice M30 | 0 < 07.01.0022 | affected |
| DJI | Mini 3 Pro | 0 < 01.00.0620 | affected |
Weaknesses
- CWE-334: CWE-334: Small Space of Random Values
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.