Lucene search

MitreCVE-2023-47335

HistoryNov 16, 2023 - 6:15 a.m.

CVE-2023-47335

2023-11-1606:15:31

CWE-276

mitre

web.nvd.nist.gov

cve-2023-47335

autel robotics

evo nano

drone

security vulnerability

geo-fence

no-fly zones

nvd

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

6.4

Confidence

High

EPSS

Percentile

15.5%

JSON

Insecure permissions in the setNFZEnable function of Autel Robotics EVO Nano drone v1.6.5 allows attackers to breach the geo-fence and fly into no-fly zones.

Affected configurations

Nvd

Node

autelroboticsevo_nano_droneMatch-

AND

autelroboticsevo_nano_drone_firmwareMatch1.6.5

VendorProductVersionCPE
autelroboticsevo_nano_drone-cpe:2.3:h:autelrobotics:evo_nano_drone:-:*:*:*:*:*:*:*
autelroboticsevo_nano_drone_firmware1.6.5cpe:2.3:o:autelrobotics:evo_nano_drone_firmware:1.6.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
autelrobotics	evo_nano_drone	-	cpe:2.3:h:autelrobotics:evo_nano_drone:-:::::::*
autelrobotics	evo_nano_drone_firmware	1.6.5	cpe:2.3:o:autelrobotics:evo_nano_drone_firmware:1.6.5:::::::*

References

github.com/czbxzm/AUTEL-smart-drones-have-a-vulnerability-to-unauthorised-breaches-of-no-fly-zone

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

6.4

Confidence

High

EPSS

Percentile

15.5%

JSON

Related for CVE-2023-47335