CVE Tools
Sign in

CVE-2023-6951

Published: Apr 2, 2024Updated: Nov 21, 2024 Sources: CVE List NVD BDUCWE-334
6.6MEDIUM
NVD MITRE
EPSS Score
0.3%
Top 79.7%
CISA KEV
Not in KEV
Exploits
No Known Exploits
Remediation
Patch Available

Description

A Use of Weak Credentials vulnerability affecting the Wi-Fi network generated by a set of DJI drones could allow a remote attacker to derive the WPA2 PSK key and authenticate without permission to the drone’s Wi- Fi network. This, in turn, allows the attacker to perform unauthorized interaction with the network services exposed by the drone and to potentially decrypt the Wi-Fi traffic exchanged between the drone and the Android/IOS device of the legitimate user during QuickTransfer mode. Affected models are Mavic 3 Pro until v01.01.0300, Mavic 3 until v01.00.1200, Mavic 3 Classic until v01.00.0500, Mavic 3 Enterprise until v07.01.10.03, Matrice 300 until v57.00.01.00, Matrice M30 until v07.01.0022 and Mini 3 Pro until v01.00.0620.

No summary for this CVE yet.

CVSS Vector Breakdown

AV:AAC:LPR:NUI:RS:CC:HI:NA:N
Exploitability
AV:AAttack Vector
Adjacent
AC:LAttack Complexity
Low
PR:NPrivileges Required
None
UI:RUser Interaction
Required
Scope
S:CScope
Changed
Impact
C:HConfidentiality
High
I:NIntegrity
None
A:NAvailability
None
Open in CVSS calculator →

Weaknesses

CWE-334

Affected Products

Mavic 3 ProDJI
Embedded
Hardware Firmware
Mavic 3DJI
Embedded
Hardware Firmware
Mavic 3 ClassicDJI
Embedded
Hardware Firmware
Mavic 3 EnterpriseDJI
Embedded
Hardware Firmware
Matrice 300DJI
Embedded
Hardware Firmware
djicommercialCNHardware Firmware
and 9 more affected products View all →

Exploitability

Official Patch Available

References

https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-6951/
nozominetworks.com
https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-6951
nozominetworks.com
https://vuldb.com/ru/?id.259020
vuldb.com

Timeline

Published
Apr 2, 2024
Last Updated
Nov 21, 2024

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2023-6951 and every CVE in our database. Create a free account — no credit card required.

Create Free Account
Plain-language analysis
Impact assessment and exploitation scenario in plain English
Attack graph visualization
Interactive attack path and kill chain mapping
Exploit details & PoC links
ExploitDB, Metasploit, GitHub PoCs with direct links
Nuclei scanner templates
Ready-to-use vulnerability scanner templates
Full remediation guide
Patch instructions, workarounds, and compliance impact
Interactive AI chat
Ask questions about this vulnerability in natural language
Related vulnerabilities
Semantically similar CVEs and attack patterns
REST API & MCP access
Integrate vulnerability data into your workflows