CRITICAL🇬🇧 English

CVE-2022-46415

CVSS 9.1v3.1pub. 2023-03-27upd. 2025-02-19

DJI Spark 01.00.0900 allows remote attackers to prevent legitimate terminal connections by exhausting the DHCP IP address pool. To accomplish this, the attacker would first need to connect to the device's internal Wi-Fi network (e.g., by guessing the password). Then, the attacker would need to send many DHCP request packets.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H
  • Dji Spark

    HW
    Dji
    wszystkie wersje
  • Dji Spark Firmware

    OS
    Dji
    01.00.0900
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2026-26673HIGH7.5ten sam produkt

An issue in DJI Mavic Mini, Spark, Mavic Air, Mini, Mini SE 0.1.00.0500 and below allows a remote attacker to ...

CVE-2020-29664HIGH7.8ten sam vendor

A command injection issue in dji_sys in DJI Mavic 2 Remote Controller before firmware version 01.00.0510 allow...

CVE-2007-1074HIGH9.3ten sam vendor

Multiple buffer overflows in NewsBin Pro 5.33 and NewsBin Pro 4.x allow user-assisted remote attackers to exec...

CVE-2022-29945MEDIUM4.0ten sam vendor

DJI drone devices sold in 2017 through 2022 broadcast unencrypted information about the drone operator's physi...

CVE-2022-46415 — CRITICAL 9.1 | CVEbaza.pl