Lucene search

[email protected]CVE-2023-6949

HistoryApr 02, 2024 - 11:15 a.m.

CVE-2023-6949

2024-04-0211:15:51

CWE-306

[email protected]

web.nvd.nist.gov

missing authentication

critical function

http service

dji mavic mini 3 pro

port 80

enumerate

download

videos

pictures

drone

external memory

authentication

5.2 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

6.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

A Missing Authentication for Critical Function issue affecting the HTTP service running on the DJI Mavic Mini 3 Pro on the standard port 80 could allow an attacker to enumerate and download videos and pictures saved on the drone internal or external memory without requiring any kind of authentication.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Mini 3 Pro",
    "vendor": "DJI",
    "versions": [
      {
        "lessThan": "01.00.1200",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-6949/

Social References

5.2 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

6.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2023-6949

nvd1 cvelist1