Junkwon Lee

#10638of 53,633
26Total CVSS
Vulnerabilities · 3
High
1
Critical
2
PT-2023-14932
9.1
2023-03-27
Parrot · Parrot Bebop · CVE-2022-46416
**Name of the Vulnerable Software and Affected Versions** Parrot Bebop version 4.7.1 **Description** The issue allows remote attackers to prevent legitimate terminal connections by exhausting the DHCP IP address pool. To exploit this, an attacker would first need to connect to the device's internal Wi-Fi network, for example, by guessing the password. Then, the attacker would send many DHCP request packets. **Recommendations** For Parrot Bebop version 4.7.1, consider restricting access to the device's internal Wi-Fi network to prevent unauthorized connections, and limit the number of DHCP requests to mitigate the risk of IP address pool exhaustion. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2023-13008
7.8
2023-01-31
Toshiba · Toshiba Storage Security · CVE-2022-30421
**Name of the Vulnerable Software and Affected Versions** Toshiba Storage Security Software version 1.2.0.7413 **Description** The issue is related to an Improper Authentication vulnerability that allows sensitive information to be obtained via the local password authentication module. **Recommendations** For Toshiba Storage Security Software version 1.2.0.7413, consider disabling the local password authentication module until a patch is available. Restrict access to sensitive information to minimize the risk of exploitation.
PT-2022-6500
9.1
2022-04-12
Dji · Dji Spark · CVE-2022-46415
**Name of the Vulnerable Software and Affected Versions** DJI Spark version 01.00.0900 **Description** The issue is related to a flaw in the implementation of the Dynamic Host Configuration Protocol (DHCP) in the DJI Spark drone's firmware, which can lead to the exhaustion of the IP address pool due to a security-critical code change. This can be exploited by a remote attacker to cause a denial of service by sending specially crafted packets. The exploitation involves connecting to the device's internal Wi-Fi network and then sending multiple DHCP request packets. **Recommendations** For DJI Spark version 01.00.0900, to mitigate this issue, consider restricting access to the device's internal Wi-Fi network and limiting the number of DHCP requests that can be sent to the device. As a temporary workaround, avoid using the DHCP protocol until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.