CVE-2024-33844

Published: May 3, 2024Modified: Mar 13, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The 'control' in Parrot ANAFI USA firmware 1.10.4 does not check the MAV_MISSION_TYPE(0, 1, 2, 255), which allows attacker to cut off the connection between a controller and the drone by sending MAVLink MISSION_COUNT command with a wrong MAV_MISSION_TYPE.

Affected (1)

Products: Parrot: Anafi Firmware

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Parrot Anafi Firmware	Version 1.10.4

Related CWEs

Improper Resource Shutdown or Release

The product does not release or incorrectly releases a resource before it is made available for re-use.

References (8)

http://anafi.com

Source: cve@mitre.org

Not Applicable

http://nvd-cwe-other.com

Source: cve@mitre.org

Broken Link

https://forum.developer.parrot.com/t/cve-2024-33844-bugs-in-anafi-thermal-usa-firmware/22501

Source: cve@mitre.org

Vendor Advisory

https://forum.developer.parrot.com/t/cve-2024-33844-bugs-in-anafi-thermal-usa-firmware/22501/1

Source: cve@mitre.org

Vendor Advisory

http://anafi.com

Source: af854a3a-2127-422b-91ae-364da2661108

Not Applicable

http://nvd-cwe-other.com

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://forum.developer.parrot.com/t/cve-2024-33844-bugs-in-anafi-thermal-usa-firmware/22501

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://forum.developer.parrot.com/t/cve-2024-33844-bugs-in-anafi-thermal-usa-firmware/22501/1

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.