CVE-2026-1743— DJI Mavic Mini/Air/Spark/Mini SE Enhanced Wi-Fi Pairing authentication replay
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-1743
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
DJI Mavic Mini/Air/Spark/Mini SE Enhanced Wi-Fi Pairing authentication replay
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability has been found in DJI Mavic Mini, Air, Spark and Mini SE up to 01.00.0500. Affected by this vulnerability is an unknown functionality of the component Enhanced Wi-Fi Pairing. The manipulation leads to authentication bypass by capture-replay. The attack must be carried out from within the local network. A high degree of complexity is needed for the attack. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用捕获-重放进行的认证绕过
Source: NVD (National Vulnerability Database)
Vulnerability Title
DJI多款产品 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
DJI Spark等都是中国大疆(DJI)的产品。DJI Spark是DJI Mavic Mini是一个超轻型折叠无人机。DJI Mini SE是一个入门款无人机。 DJI多款产品存在安全漏洞,该漏洞源于Enhanced Wi-Fi Pairing组件存在身份验证绕过。以下产品及版本受到影响:DJI Mavic Mini、Air、Spark和Mini SE 01.00.0500及之前版本。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-1743
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-1743
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same weakness: CWE-294
- CVE-2026-41351
OpenClaw < 2026.3.31 - Webhook Replay Detection Bypass via B - CVE-2026-35618
OpenClaw < 2026.3.23 - Replay Identity Drift via Query-Only - CVE-2026-34209
mppx: Tempo has a session close voucher bypass vulnerability - CVE-2026-32987
OpenClaw < 2026.3.13 - Bootstrap Setup Code Replay via Devic - CVE-2026-27855
Open-Xchange OX Dovecot Pro 安全漏洞
V. Comments for CVE-2026-1743
No comments yet