Vulmon
drone vulnerabilities and exploits
5.7
CVSSv3
CVE-2023-50121
Autel EVO NANO drone flight control firmware version 1.6.5 is vulnerable to denial of service (DoS).
Autelrobotics Evo Nano Drone Firmware 1.6.5
7.5
CVSSv3
CVE-2019-3944
Parrot ANAFI is vulnerable to a Wi-Fi deauthentication attack, allowing remote and unauthenticated malicious users to disconnect the drone from the controller mid-flight.
Parrot Anafi Firmware
NA
CVE-2024-30800
PX4 Autopilot v.1.14 allows a malicious user to fly the drone into no-fly zones by breaching the geofence using flaws in the function.
6.5
CVSSv3
CVE-2023-47335
Insecure permissions in the setNFZEnable function of Autel Robotics EVO Nano drone v1.6.5 allow malicious users to breach the geo-fence and fly into no-fly zones.
Autelrobotics Evo Nano Drone Firmware 1.6.5
NA
CVE-2024-29460
An issue in PX4 Autopilot v.1.14.0 allows a malicious user to manipulate the flight path, allowing for crashes of the drone via the home point location of the mission_block.cpp component.
NA
CVE-2024-33844
The 'control' in Parrot ANAFI USA firmware 1.10.4 does not check the MAV_MISSION_TYPE (0, 1, 2, 255), which allows a malicious user to cut off the connection between a controller and the drone by sending a MAVLink MISSION_COUNT command with a wrong MAV_MISSION_TYPE.
1 Github repository
NA
CVE-2023-6951
A Use of Weak Credentials vulnerability affecting the Wi-Fi network generated by a set of DJI drones could allow a remote malicious user to derive the WPA2 PSK key and authenticate without permission to the drone’s Wi-Fi network. This, in turn, allows the malicious user to...
NA
CVE-2023-6949
A Missing Authentication for Critical Function issue affecting the HTTP service running on the DJI Mavic Mini 3 Pro on the standard port 80 could allow a malicious user to enumerate and download videos and pictures saved on the drone internal or external memory without requiring...
6.8
CVSSv3
CVE-2023-29156
DroneScout ds230 Remote ID receiver from BlueMark Innovations is affected by an information loss vulnerability through traffic injection. An attacker can exploit this vulnerability by injecting, at the right times, spoofed Open Drone ID (ODID) messages which force the DroneScout ...
Bluemark Dronescout Ds230 Firmware
8.1
CVSSv3
CVE-2023-40034
Woodpecker is a community fork of the Drone CI system. In affected versions an attacker can post malformed webhook data which leads to an update of the repository data that can e.g. allow the takeover of a repo. This is only critical if the CI is configured for public usage and c...
Woodpecker-ci Woodpecker