How severe is CVE-2023-31191?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2023-31191?

This is classified as CWE-223, which is a common weakness in software security.

CVE-2023-31191 - HIGH Severity | CVSS 8.1

Vulnerability Description

DroneScout ds230 Remote ID receiver from BlueMark Innovations is affected by an information loss vulnerability through traffic injection. An attacker can exploit this vulnerability by injecting, on carefully selected channels, high power spoofed Open Drone ID (ODID) messages which force the DroneScout ds230 Remote ID receiver to drop real Remote ID (RID) information and, instead, generate and transmit JSON encoded MQTT messages containing crafted RID information. Consequently, the MQTT broker, typically operated by a system integrator, will have no access to the drones’ real RID information. This issue affects the adjacent channel suppression algorithm present in DroneScout ds230 firmware from version 20211210-1627 through 20230329-1042.

Related Vulnerabilities

CVE-2023-29156

MEDIUM

CVSS:6.8(Medium)

CWE-2232023

CVE-2023-29156

MEDIUM

CVSS:6.8(Medium)

CWE-2232023

CVE-2022-44646

MEDIUM

CVSS:5.3(Medium)

In JetBrains TeamCity version before 2022.10, no audit items were added upon editing a user's settings

CWE-2232022

CVE-2022-22563

MEDIUM

CVSS:4.4(Medium)

Dell EMC Powerscale OneFS 8.2.x - 9.2.x omit security-relevant information in /etc/master.passwd. A high-privileged user can exploit this vulnerability to not record information identifying the source...

CWE-2232022

CVE-2023-28360

MEDIUM

CVSS:4.3(Medium)

An omission of security-relevant information vulnerability exists in Brave desktop prior to version 1.48.171 when a user was saving a file there was no download safety check dialog presented to the us...

CWE-2232023

CVE-2024-52813

MEDIUM

CVSS:4.3(Medium)

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. Versions of the matrix-sdk-crypto Rust crate before 0.8.0 lack a dedicated mechanism to notify that a user's cryptograph...

CWE-2232024