CVE-2023-47335
Description
Insecure permissions in the setNFZEnable function of Autel Robotics EVO Nano drone v1.6.5 allow attackers to breach the geo-fence and fly into no-fly zones.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Insecure permissions in the Autel Robotics EVO Nano drone's setNFZEnable function allow attackers to bypass the geo-fence and fly into no-fly zones.
Vulnerability
The vulnerability resides in the setNFZEnable function within the com.autel.drone.sdk.expose.module.flight.controller package of the AutelSky app for the Autel EVO Nano drone, version 1.6.5 [1]. Insecure permissions on this function allow an attacker to disable the geo-fence that prevents flight in no-fly zones [1].
Exploitation
An attacker with physical access to the drone and the AutelSky mobile app can use Frida to hook the app and call setNFZEnable with a false parameter at startup [1]. This disables the no-fly zone enforcement, enabling flight in restricted areas [1].
Impact
Successful exploitation allows the attacker to fly the drone in no-fly zones, such as airports, nuclear power plants, and prisons [1]. This can lead to dangerous situations, including interference with aircraft or illegal surveillance [1].
Mitigation
As of the publication date, no official patch has been released [1]. Users should avoid using the vulnerable firmware version 1.6.5 and monitor the vendor's website for updates [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Autel Robotics/EVO Nano drone
- Range: =1.6.5
Patches
No patches discovered yet.