PT-2026-5602 · Dji · Dji Spark+3
Byteme1001
·
Publicado
2026-02-02
·
Atualizado
2026-02-02
·
CVE-2026-1743
CVSS v3.1
3.1
Baixa
| Vetor | AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L |
Name of the Vulnerable Software and Affected Versions
DJI Mavic Mini versions prior to 01.00.0500
DJI Spark versions prior to 01.00.0500
DJI Mini SE versions prior to 01.00.0500
DJI Air versions prior to 01.00.0500
Description
A flaw exists in the Enhanced Wi-Fi Pairing component that allows for authentication bypass through a capture-replay attack. The attack requires local network access and a high degree of complexity, making exploitation difficult. The exploit is publicly available. The vendor was informed of this issue but did not provide a response.
Recommendations
Update DJI Mavic Mini to version 01.00.0500 or later.
Update DJI Spark to version 01.00.0500 or later.
Update DJI Mini SE to version 01.00.0500 or later.
Update DJI Air to version 01.00.0500 or later.
Exploit
Correção
Improper Authentication
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Dji Air
Dji Mavic Mini
Dji Mini Se
Dji Spark