CVE-2026-1743
Unknown Unknown - Not Provided
Authentication Bypass via Replay in DJI Enhanced Wi-Fi Pairing

Publication date: 2026-02-02

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability has been found in DJI Mavic Mini, Spark and Mini SE up to 01.00.0500. Affected by this vulnerability is an unknown functionality of the component Enhanced Wi-Fi Pairing. The manipulation leads to authentication bypass by capture-replay. The attack must be carried out from within the local network. A high degree of complexity is needed for the attack. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-02
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-02-02
EPSS Evaluated
2026-06-15
NVD
CVE-2026-1743
EUVD
EUVD-2026-5151
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
dji mavic_mini to 01.00.0500 (inc)
dji spark to 01.00.0500 (inc)
dji mini_se to 01.00.0500 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-294 A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).
CWE-287 When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-1743 is a vulnerability in DJI Mavic Mini, Spark, and Mini SE drones affecting the Enhanced Wi-Fi Pairing component. It allows an attacker within the local network to perform an authentication bypass by capturing and replaying network traffic. The vulnerability exploits weak WEP encryption used in the Wi-Fi protocol, enabling the attacker to recover the WEP key and inject crafted packets that forcibly disconnect the drone from its remote controller. This causes a denial-of-service condition, disrupting control and telemetry between the drone and controller. The attack is complex but feasible and does not require prior authentication. [1, 2, 3]

Impact Analysis

This vulnerability can impact users by causing a denial-of-service (DoS) condition on affected DJI drones, resulting in loss of control and telemetry between the drone and its remote controller. An attacker within wireless range can disconnect the drone at any time, whether it is grounded or airborne, potentially leading to crashes or loss of the drone. The disruption persists as long as the attacker continues to replay the crafted disconnect frames, affecting the availability and safe operation of the drone. [1, 2, 3]

Detection Guidance

This vulnerability can be detected by monitoring for unusual IEEE 802.11 frame injection or replay attacks on the Enhanced Wi-Fi pairing channel used by DJI Mavic Mini, Spark, and Mini SE drones. Since the attack involves capturing and replaying WEP-encrypted frames, network sniffing tools like Wireshark or tcpdump can be used to capture wireless traffic and analyze for repeated or suspicious pairing frames. Additionally, using tools that can monitor for WEP key recovery attempts or abnormal disconnection frames on the wireless interface (e.g., mon0) may help detect exploitation attempts. Specific commands include using tcpdump to capture wireless traffic: `tcpdump -i mon0 -w capture.pcap` and analyzing the capture for repeated pairing frames or disconnect packets. Also, monitoring logs for unexpected drone disconnections or loss of telemetry may indicate an attack. [1, 2]

Mitigation Strategies

Immediate mitigation steps include replacing the affected DJI drones with models that do not use the vulnerable Enhanced Wi-Fi pairing protocol or have updated firmware that addresses this issue. Since the vulnerability exploits weak WEP encryption, avoiding use of the affected firmware version (up to 01.00.0500) is critical. There are no known vendor patches or fixes currently available. Limiting physical and wireless access to the local network where the drone operates can reduce the risk of attack. Additionally, monitoring for suspicious wireless activity and disabling Wi-Fi interfaces when not in use may help mitigate exploitation. Avoid flying the affected drones in environments where attackers could be within wireless range. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-1743. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart