Vulnerability Description
DJI Spark 01.00.0900 allows remote attackers to prevent legitimate terminal connections by exhausting the DHCP IP address pool. To accomplish this, the attacker would first need to connect to the device's internal Wi-Fi network (e.g., by guessing the password). Then, the attacker would need to send many DHCP request packets.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dji | Spark Firmware | 01.00.0900 |
| Dji | Spark | - |
Related Weaknesses (CWE)
References
- https://github.com/bosslabdcu/Vulnerability-Reporting/security/advisories/GHSA-5ExploitThird Party Advisory
- https://smartstore.naver.com/chachablues/products/6617613337Product
- https://smartstore.naver.com/hancomawesome-tech/products/5367473135Product
- https://github.com/bosslabdcu/Vulnerability-Reporting/security/advisories/GHSA-5ExploitThird Party Advisory
- https://smartstore.naver.com/chachablues/products/6617613337Product
- https://smartstore.naver.com/hancomawesome-tech/products/5367473135Product
FAQ
What is CVE-2022-46415?
CVE-2022-46415 is a vulnerability with a CVSS score of 9.1 (CRITICAL). DJI Spark 01.00.0900 allows remote attackers to prevent legitimate terminal connections by exhausting the DHCP IP address pool. To accomplish this, the attacker would first need to connect to the devi...
How severe is CVE-2022-46415?
CVE-2022-46415 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-46415?
Check the references section above for vendor advisories and patch information. Affected products include: Dji Spark Firmware, Dji Spark.