CVE-2024-33844

2024-05-0300:00:00

mitre

www.cve.org

parrot anafi usa

firmware 1.10.4

unauthenticated attackers

disrupt drone connection

mavlinkmission count command

6.9 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

23.3%

JSON

The ‘control’ in Parrot ANAFI USA firmware 1.10.4 does not check the MAV_MISSION_TYPE(0, 1, 2, 255), which allows attacker to cut off the connection between a controller and the drone by sending MAVLink MISSION_COUNT command with a wrong MAV_MISSION_TYPE.

References

anafi.com

nvd-cwe-other.com

forum.developer.parrot.com/t/cve-2024-33844-bugs-in-anafi-thermal-usa-firmware/22501

forum.developer.parrot.com/t/cve-2024-33844-bugs-in-anafi-thermal-usa-firmware/22501/1