CVE-2022-46415

Name of the Vulnerable Software and Affected Versions DJI Spark version 01.00.0900

Description The issue is related to a flaw in the implementation of the Dynamic Host Configuration Protocol (DHCP) in the DJI Spark drone's firmware, which can lead to the exhaustion of the IP address pool due to a security-critical code change. This can be exploited by a remote attacker to cause a denial of service by sending specially crafted packets. The exploitation involves connecting to the device's internal Wi-Fi network and then sending multiple DHCP request packets.

Recommendations For DJI Spark version 01.00.0900, to mitigate this issue, consider restricting access to the device's internal Wi-Fi network and limiting the number of DHCP requests that can be sent to the device. As a temporary workaround, avoid using the DHCP protocol until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.