CVE-2023-6951
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A Use of Weak Credentials vulnerability affecting the Wi-Fi network generated by a set of DJI drones could allow a remote attacker to derive the WPA2 PSK key and authenticate without permission to the drone’s Wi- Fi network. This, in turn, allows the attacker to perform unauthorized interaction with the network services exposed by the drone and to potentially decrypt the Wi-Fi traffic exchanged between the drone and the Android/IOS device of the legitimate user during QuickTransfer mode. Affected models are Mavic 3 Pro until v01.01.0300, Mavic 3 until v01.00.1200, Mavic 3 Classic until v01.00.0500, Mavic 3 Enterprise until v07.01.10.03, Matrice 300 until v57.00.01.00, Matrice M30 until v07.01.0022 and Mini 3 Pro until v01.00.0620.
Una vulnerabilidad de uso de credenciales débiles que afecta a la red Wi-Fi generada por un conjunto de drones DJI podría permitir que un atacante remoto obtenga la clave WPA2 PSK y se autentique sin permiso en la red Wi-Fi del dron. Esto, a su vez, permite al atacante realizar una interacción no autorizada con los servicios de red expuestos por el dron y potencialmente descifrar el tráfico Wi-Fi intercambiado entre el dron y el dispositivo Android/IOS del usuario legítimo durante el modo QuickTransfer. Los modelos afectados son Mavic 3 Pro hasta v01.01.0300, Mavic 3 hasta v01.00.1200, Mavic 3 Classic hasta v01.00.0500, Mavic 3 Enterprise hasta v07.01.10.03, Matrice 300 hasta v57.00.01.00, Matrice M30 hasta v07. 01.0022 y Mini 3 Pro hasta v01.00.0620.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2023-12-19 CVE Reserved
- 2024-04-02 CVE Published
- 2024-04-03 EPSS Updated
- 2024-09-30 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-334: Small Space of Random Values
- CWE-1391: Use of Weak Credentials
CAPEC
References (1)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| DJI Search vendor "DJI" | Mavic 3 Pro Search vendor "DJI" for product "Mavic 3 Pro" | < 01.01.0300 Search vendor "DJI" for product "Mavic 3 Pro" and version " < 01.01.0300" | en |
Affected
| ||||||
| DJI Search vendor "DJI" | Mavic 3 Search vendor "DJI" for product "Mavic 3" | < 01.00.1200 Search vendor "DJI" for product "Mavic 3" and version " < 01.00.1200" | en |
Affected
| ||||||
| DJI Search vendor "DJI" | Mavic 3 Classic Search vendor "DJI" for product "Mavic 3 Classic" | < 01.00.0500 Search vendor "DJI" for product "Mavic 3 Classic" and version " < 01.00.0500" | en |
Affected
| ||||||
| DJI Search vendor "DJI" | Mavic 3 Enterprise Search vendor "DJI" for product "Mavic 3 Enterprise" | < 7.01.10.03 Search vendor "DJI" for product "Mavic 3 Enterprise" and version " < 7.01.10.03" | en |
Affected
| ||||||
| DJI Search vendor "DJI" | Matrice 300 Search vendor "DJI" for product "Matrice 300" | < 57.00.01.00 Search vendor "DJI" for product "Matrice 300" and version " < 57.00.01.00" | en |
Affected
| ||||||
| DJI Search vendor "DJI" | Matrice M30 Search vendor "DJI" for product "Matrice M30" | < 07.01.0022 Search vendor "DJI" for product "Matrice M30" and version " < 07.01.0022" | en |
Affected
| ||||||
| DJI Search vendor "DJI" | Mini 3 Pro Search vendor "DJI" for product "Mini 3 Pro" | < 01.00.0620 Search vendor "DJI" for product "Mini 3 Pro" and version " < 01.00.0620" | en |
Affected
| ||||||