CVE-2023-31191

9.3 CRITICAL

📋 TL;DR

This vulnerability allows attackers to inject spoofed drone identification messages that force the DroneScout ds230 receiver to drop real drone location data and transmit fake information instead. This affects organizations using DroneScout ds230 Remote ID receivers for drone tracking and monitoring, potentially compromising airspace security.

💻 Affected Systems

Products:
  • BlueMark Innovations DroneScout ds230 Remote ID receiver
Versions: Firmware versions 20211210-1627 through 20230329-1042
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the adjacent channel suppression algorithm in the specified firmware versions. Requires physical proximity for signal injection.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete loss of legitimate drone tracking data, enabling unauthorized drone operations, airspace violations, or drone-based attacks while appearing legitimate to monitoring systems.

🟠 Likely Case

Intermittent loss of drone tracking data, creating blind spots in drone monitoring systems and allowing unauthorized drone activity to go undetected.

🟢 If Mitigated

Limited impact with proper network segmentation and monitoring, though some data loss may still occur during attack windows.

🌐 Internet-Facing: MEDIUM - Attack requires proximity to inject signals but doesn't require internet connectivity to exploit.
🏢 Internal Only: LOW - The attack vector is wireless signal injection, not internal network access.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Requires specialized RF equipment and knowledge of drone communication protocols, but no authentication or network access needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware version after 20230329-1042

Vendor Advisory: https://download.bluemark.io/dronescout/firmware/history.txt

Restart Required: Yes

Instructions:

1. Download latest firmware from BlueMark Innovations.
2. Connect to DroneScout ds230 via management interface.
3. Upload and apply firmware update.
4. Reboot device to complete installation.

🔧 Temporary Workarounds

Physical Security Perimeter

all

Establish physical security zones around drone monitoring equipment to prevent unauthorized signal injection

Network Segmentation

all

Isolate MQTT broker and drone monitoring systems from other network segments

🧯 If You Can't Patch

  • Implement redundant drone detection systems using different technologies
  • Deploy signal monitoring to detect spoofing attempts and alert operators

🔍 How to Verify

Check if Vulnerable:

Check firmware version via device web interface or SSH connection. Vulnerable if version is between 20211210-1627 and 20230329-1042 inclusive.

Check Version:

ssh admin@dronescout-ip 'cat /etc/version' or check web interface at http://dronescout-ip/status

Verify Fix Applied:

Confirm firmware version is newer than 20230329-1042 and test with legitimate drone signals to ensure proper reception.

📡 Detection & Monitoring

Log Indicators:

  • Sudden loss of legitimate drone MQTT messages
  • Unusual patterns in drone ID data
  • Multiple drones reporting identical or impossible locations

Network Indicators:

  • Abnormal MQTT message patterns
  • Suspicious RF signal strength variations near receivers

SIEM Query:

source="dronescout" AND (message_count < threshold OR location_anomaly=true)
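
The log indicators above (loss of a tracked drone's messages, identical locations, impossible locations) can be checked over decoded receiver output as in this added example, which is not vendor code. The record shape, both thresholds and the sample data are assumptions made for illustration.

```python
import math
from collections import defaultdict

# Assumed record shape: (timestamp_s, drone_id, lat, lon). The receiver's real
# MQTT payload format is not given on this page; adapt the parsing to yours.
MAX_SPEED_MPS = 60.0   # assumed plausibility ceiling for reported movement
SILENCE_S = 30.0       # assumed gap after which a tracked ID counts as lost

def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp, dl = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * 6371000.0 * math.asin(math.sqrt(a))

def find_anomalies(records, now):
    """Return sorted (kind, drone_id) alerts for the log indicators above."""
    alerts, last, seen_at = set(), {}, defaultdict(set)
    for ts, did, lat, lon in sorted(records):
        if did in last:
            pts, plat, plon = last[did]
            dt = ts - pts
            if dt > 0 and haversine_m(plat, plon, lat, lon) / dt > MAX_SPEED_MPS:
                alerts.add(("impossible_jump", did))
        last[did] = (ts, lat, lon)
        # Same second, same position (to about 1 m) under different IDs.
        seen_at[(int(ts), round(lat, 5), round(lon, 5))].add(did)
    for ids in seen_at.values():
        if len(ids) > 1:
            alerts.update(("identical_location", d) for d in ids)
    for did, (ts, _, _) in last.items():
        if now - ts > SILENCE_S:   # an ID that was tracked and then vanished
            alerts.add(("went_silent", did))
    return sorted(alerts)

# Constructed sample data, not captured from a real receiver.
SAMPLE = [
    (0, "ID-A", 52.00000, 4.00000), (1, "ID-A", 52.00010, 4.00000),
    (2, "ID-A", 52.00020, 4.00000),            # ID-A then stops reporting
    (40, "ID-B", 52.10000, 4.10000), (41, "ID-B", 52.50000, 4.10000),
    (41, "ID-C", 52.50000, 4.10000),           # same spot as ID-B
    (45, "ID-B", 52.50001, 4.10000), (45, "ID-C", 52.50002, 4.10000),
]

if __name__ == "__main__":
    for alert in find_anomalies(SAMPLE, now=46):
        print(alert)
```

A `went_silent` alert also fires when a drone lands or leaves range, so treat it as a signal only when it coincides with new or anomalous IDs appearing at the same receiver.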
