{"api_version":"1","generated_at":"2026-04-23T07:01:51+00:00","cve":"CVE-2022-46415","urls":{"html":"https://cve.report/CVE-2022-46415","api":"https://cve.report/api/cve/CVE-2022-46415.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-46415","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-46415"},"summary":{"title":"CVE-2022-46415","description":"DJI Spark 01.00.0900 allows remote attackers to prevent legitimate terminal connections by exhausting the DHCP IP address pool. To accomplish this, the attacker would first need to connect to the device's internal Wi-Fi network (e.g., by guessing the password). Then, the attacker would need to send many DHCP request packets.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2023-03-27 21:15:00","updated_at":"2023-04-03 17:04:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"https://smartstore.naver.com/chachablues/products/6617613337","name":"https://smartstore.naver.com/chachablues/products/6617613337","refsource":"MISC","tags":[],"title":"DJI 스파크 with Remote Control Combo 화이트 : 차차브루스","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/bosslabdcu/Vulnerability-Reporting/security/advisories/GHSA-54q2-3r2m-9pgm","name":"https://github.com/bosslabdcu/Vulnerability-Reporting/security/advisories/GHSA-54q2-3r2m-9pgm","refsource":"MISC","tags":[],"title":"Commercial Drone DHCP Exhaustion Vulnerability · Advisory · bosslabdcu/Vulnerability-Reporting · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://smartstore.naver.com/hancomawesome-tech/products/5367473135","name":"https://smartstore.naver.com/hancomawesome-tech/products/5367473135","refsource":"MISC","tags":[],"title":"패럿 비밥 프로 3D 모델링 드론 / 입체 모델링을 위한 일체형 드론 / Parrot Bebop Pro 3D Modeling Drone : 주식회사 한컴어썸텍","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-46415","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-46415","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"46415","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"dji","cpe5":"spark","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"46415","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"dji","cpe5":"spark_firmware","cpe6":"01.00.0900","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2022-46415","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"DJI Spark 01.00.0900 allows remote attackers to prevent legitimate terminal connections by exhausting the DHCP IP address pool. To accomplish this, the attacker would first need to connect to the device's internal Wi-Fi network (e.g., by guessing the password). Then, the attacker would need to send many DHCP request packets."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://smartstore.naver.com/chachablues/products/6617613337","url":"https://smartstore.naver.com/chachablues/products/6617613337"},{"refsource":"MISC","name":"https://smartstore.naver.com/hancomawesome-tech/products/5367473135","url":"https://smartstore.naver.com/hancomawesome-tech/products/5367473135"},{"refsource":"MISC","name":"https://github.com/bosslabdcu/Vulnerability-Reporting/security/advisories/GHSA-54q2-3r2m-9pgm","url":"https://github.com/bosslabdcu/Vulnerability-Reporting/security/advisories/GHSA-54q2-3r2m-9pgm"}]},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AC:L/AV:N/A:H/C:L/I:L/PR:L/S:C/UI:N","version":"3.1"}}},"nvd":{"publishedDate":"2023-03-27 21:15:00","lastModifiedDate":"2023-04-03 17:04:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":5.9,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.2,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:dji:spark_firmware:01.00.0900:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:dji:spark:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":null,"notes":[]}}}