Firmware Vulnerability Allows Attackers to Cut Off Drone Connection
CVE-2024-33844

7.5 HIGH

Key Information:

Vendor

Parrot

CVE Published:
3 May 2024

What is CVE-2024-33844?

Firmware version 1.10.4 of the Parrot ANAFI USA drone does not adequately validate MAV_MISSION_TYPE when processing the MAVLink MISSION_COUNT command. A remote attacker can send a malformed command to disrupt the communication link between the drone and its controller. By exploiting this flaw, attackers could potentially gain control over the drone's operation, leading to unauthorized actions or loss of control. Applying all firmware updates and following security measures is crucial for maintaining reliable drone operation.
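The check this advisory says is missing, sketched as an added example (not Parrot's firmware code): a receiver-side validator that decodes a MISSION_COUNT payload and allow-lists `mission_type` before any upload state is created. The field layout and enum values follow the MAVLink common dialect; the names `check_mission_count`, `mission_count` and the `MAX_ITEMS` limit are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* MAV_MISSION_TYPE and MAV_MISSION_RESULT values from the MAVLink common dialect. */
enum { MT_MISSION = 0, MT_FENCE = 1, MT_RALLY = 2, MT_ALL = 255 };
enum { ACK_ACCEPTED = 0, ACK_UNSUPPORTED = 3, ACK_NO_SPACE = 4, ACK_INVALID = 5 };

#define MISSION_COUNT_LEN 5u /* count(2) + target_system + target_component + mission_type */
#define MAX_ITEMS 256u       /* assumed storage limit per plan, not a Parrot value */

typedef struct {
    uint16_t count;
    uint8_t target_system, target_component, mission_type;
} mission_count;

/* Decode a MISSION_COUNT payload and return the MAV_MISSION_RESULT to send in
 * MISSION_ACK. Upload state may only be created when ACK_ACCEPTED is returned. */
int check_mission_count(const uint8_t *p, size_t len, mission_count *out)
{
    uint8_t buf[MISSION_COUNT_LEN] = {0};

    if (p == NULL || out == NULL || len == 0 || len > MISSION_COUNT_LEN)
        return ACK_INVALID;
    memcpy(buf, p, len); /* MAVLink 2 strips trailing zero bytes; restore them */

    out->count = (uint16_t)(buf[0] | (buf[1] << 8));
    out->target_system = buf[2];
    out->target_component = buf[3];
    out->mission_type = buf[4];

    /* Allow-list, never a raw array index. MT_ALL is only meaningful in
     * MISSION_CLEAR_ALL, so an upload announcing it is rejected too. */
    switch (out->mission_type) {
    case MT_MISSION: case MT_FENCE: case MT_RALLY: break;
    default: return ACK_UNSUPPORTED;
    }
    return out->count > MAX_ITEMS ? ACK_NO_SPACE : ACK_ACCEPTED;
}

int main(void)
{
    const uint8_t fence[] = {0x03, 0x00, 0x01, 0x01, 0x01}; /* constructed sample */
    const uint8_t bogus[] = {0x03, 0x00, 0x01, 0x01, 0x07}; /* constructed sample */
    mission_count m;
    printf("fence=%d bogus=%d\n", check_mission_count(fence, sizeof fence, &m),
           check_mission_count(bogus, sizeof bogus, &m));
    return 0;
}
```

Returning a MISSION_ACK result code for every rejected payload keeps the link handler on a defined path instead of acting on an unchecked type value.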

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published
