This page aggregates publicly disclosed CVE and security risk information related to parrot, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-33844 | The 'control' in Parrot ANAFI USA firmware 1.10.4 does not check the MAV_MISSION_TYPE(0, 1, 2, 255), which allows attacker to cut off the connection between a controller and the drone by sending MAVLink MISSION_COUNT command with a wrong MAV_MISSION_TYPE. | [email protected] | 7.5 | 0.37% | 2024-05-03 | 2025-03-13 |
| CVE-2022-46416 | Parrot Bebop 4.7.1. allows remote attackers to prevent legitimate terminal connections by exhausting the DHCP IP address pool. To accomplish this, the attacker would first need to connect to the device's internal Wi-Fi network (e.g., by guessing the password). Then, the attacker would need to send many DHCP request packets. | [email protected] | 9.1 | 0.66% | 2023-03-27 | 2024-11-21 |
| CVE-2019-3945 | Web server running on Parrot ANAFI can be crashed due to the SDK command "Common_CurrentDateTime" being sent to control service with larger than expected date length. | [email protected] | 7.5 | 0.43% | 2020-04-01 | 2024-11-21 |
| CVE-2019-3944 | Parrot ANAFI is vulnerable to Wi-Fi deauthentication attack, allowing remote and unauthenticated attackers to disconnect drone from controller during mid-flight. | [email protected] | 7.5 | 0.74% | 2020-04-01 | 2024-11-21 |