PT-2024-2607 · DJI · DJI Matrice M30 +6
Niccolo Facchi +1 · Published 2024-03-29 · Updated 2024-09-30 · CVE-2023-6951
CVSS v3.1: 6.6 (Medium)
Vector: AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
DJI Mavic 3 Pro versions prior to v01.01.0300
DJI Mavic 3 versions prior to v01.00.1200
DJI Mavic 3 Classic versions prior to v01.00.0500
DJI Mavic 3 Enterprise versions prior to v07.01.10.03
DJI Matrice 300 versions prior to v57.00.01.00
DJI Matrice M30 versions prior to v07.01.0022
DJI Mini 3 Pro versions prior to v01.00.0620
Description
A Use of Weak Credentials issue affects the Wi-Fi network generated by a set of DJI drones, allowing a remote attacker to derive the WPA2 PSK key and authenticate without permission to the drone's Wi-Fi network. This enables the attacker to perform unauthorized interaction with the network services exposed by the drone and potentially decrypt the Wi-Fi traffic exchanged between the drone and the Android/iOS device of the legitimate user during QuickTransfer mode.
Recommendations
For DJI Mavic 3 Pro versions prior to v01.01.0300, update to v01.01.0300 or later to resolve the issue.
For DJI Mavic 3 versions prior to v01.00.1200, update to v01.00.1200 or later to resolve the issue.
For DJI Mavic 3 Classic versions prior to v01.00.0500, update to v01.00.0500 or later to resolve the issue.
For DJI Mavic 3 Enterprise versions prior to v07.01.10.03, update to v07.01.10.03 or later to resolve the issue.
For DJI Matrice 300 versions prior to v57.00.01.00, update to v57.00.01.00 or later to resolve the issue.
For DJI Matrice M30 versions prior to v07.01.0022, update to v07.01.0022 or later to resolve the issue.
For DJI Mini 3 Pro versions prior to v01.00.0620, update to v01.00.0620 or later to resolve the issue.
Affected Products
DJI Matrice 300
DJI Matrice M30
DJI Mavic 3
DJI Mavic 3 Classic
DJI Mavic 3 Enterprise
DJI Mavic 3 Pro
DJI Mini 3 Pro