CVE-2023-31190

8.1 HIGH

📋 TL;DR

The DroneScout ds230 Remote ID receiver has an improper authentication vulnerability during firmware updates where it doesn't validate TLS certificates. This allows man-in-the-middle attackers to deliver malicious firmware and gain root access. Affects DroneScout ds230 devices running firmware versions 20211210-1627 through 20230329-1042.

💻 Affected Systems

Products:
  • BlueMark Innovations DroneScout ds230 Remote ID receiver
Versions: 20211210-1627 through 20230329-1042
Operating Systems: Embedded Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All devices with default firmware update configuration are vulnerable. The vulnerability exists in the firmware update mechanism itself.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attacker gains complete root control of the device, can install persistent backdoors, intercept drone communications, or use the device as a pivot point into connected networks.

🟠 Likely Case

Attacker with network access can deliver malicious firmware to compromise the device, potentially gaining control over drone tracking and identification functions.

🟢 If Mitigated

With proper network segmentation and certificate validation, the attack requires physical access or compromise of internal network infrastructure.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires man-in-the-middle position but no authentication. The technique is well-known and could be weaponized by sophisticated attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 20230329-1042

Vendor Advisory: https://download.bluemark.io/dronescout/firmware/history.txt

Restart Required: Yes

Instructions:

1. Download latest firmware from BlueMark's official site.
2. Follow device-specific firmware update procedure.
3. Verify successful update and certificate validation.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate DroneScout devices on separate VLANs to limit MITM attack surface

Disable Automatic Updates

all

Manually control firmware updates to prevent automatic downloads from vulnerable endpoints

🧯 If You Can't Patch

  • Segment network to isolate DroneScout devices from untrusted networks
  • Monitor for unusual firmware update attempts or network traffic patterns

🔍 How to Verify

Check if Vulnerable:

Check the firmware version via the device web interface or SSH. If the version is between 20211210-1627 and 20230329-1042 (inclusive), the device is vulnerable.

Check Version:

ssh admin@device-ip 'cat /etc/version' (or check the web interface)

Verify Fix Applied:

After update, verify firmware version is newer than 20230329-1042 and test that invalid TLS certificates are rejected during update attempts.
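
For a fleet of receivers, the version check above can be scripted. The following is an added example, not BlueMark's code or part of the original advisory; it assumes firmware versions are YYYYMMDD-HHMM build timestamps (inferred from the versions quoted on this page), and the device names in the sample inventory are constructed. It covers only the version comparison, not the TLS rejection test.

```python
import re
from datetime import datetime

# Affected range as stated on this page, inclusive on both ends.
FIRST_AFFECTED = "20211210-1627"
LAST_AFFECTED = "20230329-1042"

# Assumption: versions are build timestamps of the form YYYYMMDD-HHMM.
_VERSION_RE = re.compile(r"^\d{8}-\d{4}$")


def parse_version(text):
    """Parse a firmware version string; raise ValueError if malformed."""
    text = text.strip()  # tolerate the trailing newline from 'cat /etc/version'
    if not _VERSION_RE.match(text):
        raise ValueError(f"not a YYYYMMDD-HHMM version: {text!r}")
    # strptime also rejects impossible dates such as month 13.
    return datetime.strptime(text, "%Y%m%d-%H%M")


def classify(version_text):
    """Return 'vulnerable', 'fixed', 'before-affected-range' or 'unknown'."""
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unknown"  # unparseable output needs manual review
    if version < parse_version(FIRST_AFFECTED):
        return "before-affected-range"  # not listed as affected on this page
    if version <= parse_version(LAST_AFFECTED):
        return "vulnerable"
    return "fixed"


def audit(inventory):
    """Map {device_name: version_string} to {device_name: status}."""
    return {name: classify(ver) for name, ver in inventory.items()}


# Constructed sample inventory (hypothetical device names).
SAMPLE = {
    "roof-north": "20220815-0930\n",
    "roof-south": "20230329-1042",
    "gate-1": "20230605-1500",
    "lab-spare": "unreachable",
}

if __name__ == "__main__":
    for name, status in sorted(audit(SAMPLE).items()):
        print(f"{name:12} {status}")
```

Devices reported as "unknown" should be checked by hand through the web interface rather than assumed fixed.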

📡 Detection & Monitoring

Log Indicators:

  • Unexpected firmware update attempts
  • Failed certificate validation logs
  • Unusual file system modifications

Network Indicators:

  • HTTPS traffic to non-BlueMark update servers
  • Unusual TLS certificate patterns during firmware updates

SIEM Query:

source="dronescout" AND (event="firmware_update" OR event="certificate_validation")
