Vulnerabilities > CVE-2022-46415 - Unspecified vulnerability in DJI Spark Firmware 01.00.0900

CVSS 5.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

high complexity

dji

NVD

Published: 2023-03-27

Updated: 2023-04-03

Summary

DJI Spark 01.00.0900 allows remote attackers to prevent legitimate terminal connections by exhausting the DHCP IP address pool. To accomplish this, the attacker would first need to connect to the device's internal Wi-Fi network (e.g., by guessing the password). Then, the attacker would need to send many DHCP request packets.

Vulnerable Configurations

Part	Description	Count
OS	Dji DJI Spark Firmware 01.00.0900	1
Hardware	Dji DJI Spark -	1

References

https://smartstore.naver.com/hancomawesome-tech/products/5367473135
https://github.com/bosslabdcu/Vulnerability-Reporting/security/advisories/GHSA-54q2-3r2m-9pgm
https://smartstore.naver.com/chachablues/products/6617613337