DJI Mavic Mini/Spark/Mini SE Enhanced Wi-Fi Pairing authentication replay

2.3 / 10

LOW

CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability has been found in DJI Mavic Mini, Spark and Mini SE up to 01.00.0500. Affected by this vulnerability is an unknown functionality of the component Enhanced Wi-Fi Pairing. The manipulation leads to authentication bypass by capture-replay. The attack must be carried out from within the local network. A high degree of complexity is needed for the attack. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2026-1743

Source VulDB

Published Feb 2, 2026 at 04:02

Affected Product

Vendor DJI

Product Mavic Mini

Version 01.00

Affected Versions DJI Mavic Mini 01.00
DJI Spark 01.00
DJI Mini SE 01.00

CWE Classification

CWE-294 CWE-287

References

{
    "lastseen": "",
    "description": "A vulnerability has been found in DJI Mavic Mini, Spark and Mini SE up to 01.00.0500. Affected by this vulnerability is an unknown functionality of the component Enhanced Wi-Fi Pairing. The manipulation leads to authentication bypass by capture-replay. The attack must be carried out from within the local network. A high degree of complexity is needed for the attack. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2026-02-02T04:02:07.053Z",
    "modified": "2026-02-02T04:02:07.053Z",
    "type": "cve",
    "title": "DJI Mavic Mini/Spark/Mini SE Enhanced Wi-Fi Pairing authentication replay",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.343674\nhttps://vuldb.com/?ctiid.343674\nhttps://vuldb.com/?submit.741323\nhttps://github.com/ByteMe1001/DJI-CatNect\nhttps://github.com/ByteMe1001/DJI-CatNect/blob/main/exploit.c",
    "id": "CVE-2026-1743",
    "bulletinFamily": "",
    "cwe": [
        "CWE-294",
        "CWE-287"
    ],
    "cvelist": null,
    "sourceData": "DJI Mavic Mini 01.00\nDJI Spark 01.00\nDJI Mini SE 01.00",
    "sourceHref": "",
    "cvss": {
        "score": 2.3,
        "severity": "LOW",
        "vector": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Mavic Mini",
    "version": "01.00",
    "vendor": "DJI",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

DJI Mavic Mini/Spark/Mini SE Enhanced Wi-Fi Pairing authentication replay_CVE-2026-1743