PT-2024-25506 · Parrot · Parrot Anafi Usa

Entropy1110 · Published 2024-05-03 · Updated 2024-12-18 · CVE-2024-33844

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Parrot ANAFI USA firmware version 1.10.4

Description

The issue concerns a lack of validation for the MAV_MISSION_TYPE in the Parrot ANAFI USA firmware, specifically for values 0, 1, 2, and 255. This allows an attacker to disrupt the connection between the controller and the drone by sending a MAVLink MISSION_COUNT command with an incorrect MAV_MISSION_TYPE. This can be exploited via a local network.

Recommendations

For Parrot ANAFI USA firmware version 1.10.4, consider isolating drones from the network and analyzing traffic to minimize the risk of exploitation. As a temporary workaround, restrict access to the MAVLink component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.
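
For the traffic analysis recommended above, here is an added example (not Parrot's code and not part of the original advisory): a passive check over captured MAVLink 2 bytes that flags MISSION_COUNT messages whose mission_type is not a value defined by the MAVLink common dialect. It assumes that 0, 1, 2, and 255 are the valid types and that any other value is the "incorrect" type the description refers to; the function names and sample frames are constructed for illustration.

```python
import struct

MAVLINK2_STX = 0xFD
MSG_ID_MISSION_COUNT = 44               # MISSION_COUNT, MAVLink common dialect
DEFINED_MISSION_TYPES = {0, 1, 2, 255}  # MISSION, FENCE, RALLY, ALL
SIGNED_FLAG = 0x01                      # incompat_flags bit: 13-byte signature follows

def iter_frames(stream: bytes):
    """Yield (sysid, compid, msgid, payload) for each MAVLink 2 frame."""
    # Checksums are not verified: a monitor should also see malformed traffic.
    i = 0
    while i + 12 <= len(stream):
        plen, incompat = stream[i + 1], stream[i + 2]
        end = i + 12 + plen + (13 if incompat & SIGNED_FLAG else 0)
        if stream[i] != MAVLINK2_STX or end > len(stream):
            i += 1  # not a frame start, or length runs past the data: resync
            continue
        msgid = int.from_bytes(stream[i + 7:i + 10], "little")
        yield stream[i + 5], stream[i + 6], msgid, stream[i + 10:i + 10 + plen]
        i = end

def suspicious_mission_counts(stream: bytes):
    """Return one record per MISSION_COUNT whose mission_type is undefined."""
    hits = []
    for sysid, compid, msgid, payload in iter_frames(stream):
        if msgid != MSG_ID_MISSION_COUNT:
            continue
        # Wire order: count(u16), target_system, target_component, mission_type.
        # MAVLink 2 trims trailing zero bytes, so pad to 5 before unpacking.
        count, tsys, tcomp, mtype = struct.unpack("<HBBB", payload.ljust(5, b"\0")[:5])
        if mtype not in DEFINED_MISSION_TYPES:
            hits.append({"src": (sysid, compid), "target": (tsys, tcomp),
                         "count": count, "mission_type": mtype})
    return hits

def sample_frame(msgid: int, payload: bytes) -> bytes:
    """Constructed sample frame from sender 255/190; checksum zeroed, never valid."""
    return (bytes([MAVLINK2_STX, len(payload), 0, 0, 0, 255, 190])
            + msgid.to_bytes(3, "little") + payload + b"\0\0")

# Constructed capture: heartbeat, then MISSION_COUNT with type 0 (trimmed), 2, 7.
SAMPLE = b"".join([
    sample_frame(0, struct.pack("<IBBBBB", 0, 6, 8, 0, 4, 3)),
    sample_frame(MSG_ID_MISSION_COUNT, struct.pack("<HBB", 3, 1, 1)),
    sample_frame(MSG_ID_MISSION_COUNT, struct.pack("<HBBB", 3, 1, 1, 2)),
    sample_frame(MSG_ID_MISSION_COUNT, struct.pack("<HBBB", 3, 1, 1, 7)),
])
```

Feed `suspicious_mission_counts` the UDP payload bytes from a capture of the controller-to-drone link; MAVLink 1 frames carry no mission_type field and are skipped.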

Fix

Weakness Enumeration

Improper Resource Release

Related Identifiers

CVE-2024-33844

Affected Products

Parrot Anafi Usa