CVE-2023-6949

Name of the Vulnerable Software and Affected Versions DJI Mavic Mini 3 Pro (affected versions not specified)

Description A Missing Authentication for Critical Function issue affects the HTTP service running on the standard port 80, allowing an attacker to enumerate and download videos and pictures saved on the drone's internal or external memory without requiring authentication. This could enable a remote attacker to gain unauthorized access to protected information.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.