DHCP Exhaustion Vulnerability in DJI Spark Drone
CVE-2022-46415

5.9MEDIUM

Key Information:

Vendor: Dji
Status: Spark Firmware
Vendor: CVE Published:; 27 March 2023

What is CVE-2022-46415?

The DJI Spark drone, with firmware version 01.00.0900, is susceptible to a vulnerability that enables remote attackers to disrupt legitimate connections by exhausting the DHCP IP address pool. To exploit this weakness, an attacker must first connect to the drone's internal Wi-Fi network, potentially through password guessing. Once connected, the attacker can flood the network with unnecessary DHCP request packets, leading to denial of service for legitimate users attempting to connect.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://smartstore.naver.com/chachablues/products/6617613337

https://smartstore.naver.com/hancomawesome-tech/products/...

https://github.com/bosslabdcu/Vulnerability-Reporting/sec...

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 27, 2023
Vulnerability Reserved
Dec 4, 2022

JSON

Dji

What is CVE-2022-46415?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.