CVE-2023-6949

MEDIUM Year: 2023
CVSS v3 Score
5.2
Medium
Weakness Type
CWE-306
View all →

Vulnerability Description

A Missing Authentication for Critical Function issue affecting the HTTP service running on the DJI Mavic Mini 3 Pro on the standard port 80 could allow an attacker to enumerate and download videos and pictures saved on the drone internal or external memory without requiring any kind of authentication.

Related Vulnerabilities

CVE-2023-29061

MEDIUM
CVSS:5.2(Medium)

There is no BIOS password on the FACSChorus workstation. A threat actor with physical access to the workstation can potentially exploit this vulnerability to access the BIOS configuration and modify t...

CWE-3062023

CVE-2011-4190

MEDIUM
CVSS:5.3(Medium)

The kdump implementation is missing the host key verification in the kdump and mkdumprd OpenSSH integration of kdump prior to version 2012-01-20. This is similar to CVE-2011-3588, but different in tha...

CWE-3062011

CVE-2017-15123

MEDIUM
CVSS:5.3(Medium)

A flaw was found in the CloudForms web interface, versions 5.8 - 5.10, where the RSS feed URLs are not properly restricted to authenticated users only. An attacker could use this flaw to view potentia...

CWE-3062017

CVE-2018-1501

MEDIUM
CVSS:5.3(Medium)

IBM Security Guardium 10.5, 10.6, and 11.0 could allow an unauthorized user to obtain sensitive information due to missing security controls. IBM X-Force ID: 141226.

CWE-3062018

CVE-2018-1757

MEDIUM
CVSS:5.3(Medium)

IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 could allow an attacker to obtain sensitive information due to missing authentication in IGI for the survey application. IBM X-Force...

CWE-3062018

CVE-2018-20507

MEDIUM
CVSS:5.3(Medium)

An issue was discovered in GitLab Enterprise Edition 11.2.x through 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control.

CWE-3062018