1. Home
  2. CVE Database
  3. CVE-2023-6949
MEDIUM · 5.2

CVE-2023-6949

A Missing Authentication for Critical Function issue affecting the HTTP service running on the DJI Mavic Mini 3 Pro on the standard port 80 could allow an attacker to enumerate and download videos and...

Vulnerability Description

A Missing Authentication for Critical Function issue affecting the HTTP service running on the DJI Mavic Mini 3 Pro on the standard port 80 could allow an attacker to enumerate and download videos and pictures saved on the drone internal or external memory without requiring any kind of authentication.

CVSS Score

5.2

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Related Weaknesses (CWE)

CWE-306

References

FAQ

What is CVE-2023-6949?

CVE-2023-6949 is a vulnerability with a CVSS score of 5.2 (MEDIUM). A Missing Authentication for Critical Function issue affecting the HTTP service running on the DJI Mavic Mini 3 Pro on the standard port 80 could allow an attacker to enumerate and download videos and...

How severe is CVE-2023-6949?

CVE-2023-6949 has been rated MEDIUM with a CVSS base score of 5.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-6949?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.