Vulnerabilities > CVE-2024-33844 - Unspecified vulnerability in Parrot Anafi Firmware 1.10.4

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

parrot

NVD

Published: 2024-05-03

Updated: 2024-06-10

Summary

The 'control' in Parrot ANAFI USA firmware 1.10.4 does not check the MAV_MISSION_TYPE(0, 1, 2, 255), which allows attacker to cut off the connection between a controller and the drone by sending MAVLink MISSION_COUNT command with a wrong MAV_MISSION_TYPE.

Vulnerable Configurations

Part	Description	Count
OS	Parrot Parrot Anafi Firmware 1.10.4	1

References

http://anafi.com
http://nvd-cwe-other.com
https://forum.developer.parrot.com/t/cve-2024-33844-bugs-in-anafi-thermal-usa-firmware/22501
https://forum.developer.parrot.com/t/cve-2024-33844-bugs-in-anafi-thermal-usa-firmware/22501/1