CVE-2026-1743 Overview
A vulnerability has been identified in multiple DJI consumer drone models affecting the Enhanced Wi-Fi Pairing component. This authentication bypass vulnerability allows attackers to circumvent pairing security through capture-replay attacks. The vulnerability requires the attacker to be within the local network proximity of the target drone and involves a high degree of complexity to exploit successfully.
The vulnerability impacts the authentication mechanism used during the Wi-Fi pairing process between DJI drones and their controllers. By capturing and replaying authentication traffic, an attacker could potentially bypass the pairing security controls, though exploitation is considered difficult.
Critical Impact
Authentication bypass in DJI drone Wi-Fi pairing allows local network attackers to potentially hijack drone connections through capture-replay attacks, though exploitation complexity is high.
Affected Products
- DJI Mavic Mini (firmware up to 01.00.0500)
- DJI Mavic Air (firmware up to 01.00.0500)
- DJI Spark (firmware up to 01.00.0500)
- DJI Mini SE (firmware up to 01.00.0500)
Discovery Timeline
- 2026-02-02 - CVE-2026-1743 published to NVD
- 2026-02-03 - Last updated in NVD database
Technical Details for CVE-2026-1743
Vulnerability Analysis
This vulnerability falls under CWE-287 (Improper Authentication). The Enhanced Wi-Fi Pairing feature in affected DJI drones contains a weakness in its authentication protocol that does not adequately protect against replay attacks. During the pairing handshake between a drone and its controller, authentication tokens or session credentials can be captured by an attacker positioned within the adjacent network range.
The attack requires the adversary to be in close physical proximity to intercept the wireless communications during the pairing process. Once captured, these authentication packets can be replayed to establish an unauthorized connection to the drone without possessing the legitimate pairing credentials.
The exploitation is considered difficult due to the requirement for precise timing, physical proximity, and the complexity of successfully replaying captured authentication sequences. The vendor (DJI) was contacted about this vulnerability but did not respond.
Root Cause
The root cause is improper authentication implementation in the Enhanced Wi-Fi Pairing component. The pairing protocol lacks adequate protection mechanisms such as cryptographic nonces, timestamps, or challenge-response validation that would prevent replay attacks. Without these protections, captured authentication traffic remains valid for reuse, enabling attackers to bypass the pairing security.
Attack Vector
The attack vector requires adjacent network access, meaning the attacker must be within Wi-Fi range of the target drone and controller during a pairing operation. The attack sequence involves:
- Positioning within wireless range of the target drone during pairing
- Capturing Enhanced Wi-Fi Pairing authentication traffic using wireless monitoring tools
- Analyzing captured packets to identify replayable authentication sequences
- Replaying captured authentication data to establish unauthorized connection
The high attack complexity stems from the need to intercept traffic at the precise moment of pairing and successfully replay it before session invalidation occurs. A proof-of-concept exploit has been publicly disclosed and is available via the GitHub PoC Repository.
Detection Methods for CVE-2026-1743
Indicators of Compromise
- Unexpected drone pairing events or connection attempts during normal operations
- Multiple failed pairing attempts followed by successful unauthorized connections
- Anomalous wireless traffic patterns during Enhanced Wi-Fi Pairing sessions
- Drone behavior changes or loss of control during active flight sessions
Detection Strategies
- Monitor drone controller logs for unauthorized pairing notifications or unknown device connections
- Implement wireless intrusion detection systems (WIDS) to identify suspicious traffic near drone operating areas
- Review drone flight logs for unexplained connection handoffs or controller switches
- Use RF spectrum analysis tools to detect potential eavesdropping activity during pairing operations
Monitoring Recommendations
- Establish baseline pairing behavior patterns and alert on deviations
- Enable maximum logging on drone controllers when available
- Conduct periodic security assessments of drone operating environments
- Monitor public exploit repositories and threat intelligence feeds for new attack techniques targeting DJI drones
How to Mitigate CVE-2026-1743
Immediate Actions Required
- Avoid performing Enhanced Wi-Fi Pairing operations in untrusted or public environments
- Conduct pairing operations only in secure, controlled locations away from potential adversaries
- Monitor for unauthorized connection attempts and immediately re-pair devices if suspicious activity is detected
- Consider disabling Enhanced Wi-Fi Pairing if not required and use alternative connection methods when available
Patch Information
No vendor patch is currently available. DJI was contacted about this vulnerability but did not respond. Users should monitor official DJI channels for potential firmware updates addressing this issue. Additional technical details are available via VulDB #343674.
Workarounds
- Perform Wi-Fi pairing only in physically secure, private locations with no unauthorized individuals present
- Complete all pairing operations prior to deployment in the field to minimize exposure
- Implement physical security controls around drone operations to reduce attack surface
- Consider using RF shielding during pairing operations in sensitive environments
- Maintain awareness of surroundings when operating drones and watch for suspicious monitoring activity
# Recommended operational security measures
# 1. Verify no unknown devices in proximity before pairing
# 2. Complete pairing in indoor, RF-shielded environment if possible
# 3. Document all authorized controllers by serial number
# 4. Check drone connection status regularly during operations
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
