CVE-2024-33844

The 'control' in Parrot ANAFI USA firmware 1.10.4 does not check the MAV_MISSION_TYPE(0, 1, 2, 255), which allows attacker to cut off the connection between a controller and the drone by sending MAVLink MISSION_COUNT command with a wrong MAV_MISSION_TYPE.
Configurations

Configuration 1 (hide)

cpe:2.3:o:parrot:anafi_firmware:1.10.4:*:*:*:*:*:*:*

History

21 Nov 2024, 09:17

Type Values Removed Values Added
References () http://anafi.com - Not Applicable () http://anafi.com - Not Applicable
References () http://nvd-cwe-other.com - Broken Link () http://nvd-cwe-other.com - Broken Link
References () https://forum.developer.parrot.com/t/cve-2024-33844-bugs-in-anafi-thermal-usa-firmware/22501 - Vendor Advisory () https://forum.developer.parrot.com/t/cve-2024-33844-bugs-in-anafi-thermal-usa-firmware/22501 - Vendor Advisory
References () https://forum.developer.parrot.com/t/cve-2024-33844-bugs-in-anafi-thermal-usa-firmware/22501/1 - Vendor Advisory () https://forum.developer.parrot.com/t/cve-2024-33844-bugs-in-anafi-thermal-usa-firmware/22501/1 - Vendor Advisory

06 Aug 2024, 15:35

Type Values Removed Values Added
CWE CWE-404

10 Jun 2024, 18:45

Type Values Removed Values Added
Summary
  • (es) El 'control' en el firmware 1.10.4 de Parrot ANAFI USA no verifica MAV_MISSION_TYPE(0, 1, 2, 255), lo que permite al atacante cortar la conexión entre un controlador y el dron enviando el comando MAVLink MISSION_COUNT con un MAV_MISSION_TYPE incorrecto.
First Time Parrot anafi Firmware
Parrot
CPE cpe:2.3:o:parrot:anafi_firmware:1.10.4:*:*:*:*:*:*:*
CWE NVD-CWE-noinfo
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
References () http://anafi.com - () http://anafi.com - Not Applicable
References () http://nvd-cwe-other.com - () http://nvd-cwe-other.com - Broken Link
References () https://forum.developer.parrot.com/t/cve-2024-33844-bugs-in-anafi-thermal-usa-firmware/22501 - () https://forum.developer.parrot.com/t/cve-2024-33844-bugs-in-anafi-thermal-usa-firmware/22501 - Vendor Advisory
References () https://forum.developer.parrot.com/t/cve-2024-33844-bugs-in-anafi-thermal-usa-firmware/22501/1 - () https://forum.developer.parrot.com/t/cve-2024-33844-bugs-in-anafi-thermal-usa-firmware/22501/1 - Vendor Advisory

03 May 2024, 19:15

Type Values Removed Values Added
References
  • () https://forum.developer.parrot.com/t/cve-2024-33844-bugs-in-anafi-thermal-usa-firmware/22501/1 -

03 May 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-05-03 15:15

Updated : 2024-11-21 09:17


NVD link : CVE-2024-33844

Mitre link : CVE-2024-33844

CVE.ORG link : CVE-2024-33844


JSON object : View

Products Affected

parrot

  • anafi_firmware
CWE
NVD-CWE-noinfo CWE-404

Improper Resource Shutdown or Release