6.8

CVE-2023-51454

A Out-of-bounds Write issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to overwrite a pointer in the process memory through a crafted payload triggering an unsafe memory write operation in the my_tcp_receive function implemented in the libv2_sdk.so library used by the dji_vtwo_sdk binary implementing the service, potentially leading to a memory information leak or to an arbitrary code execution. Affected models are Mavic 3 Pro until v01.01.0300, Mavic 3 until v01.00.1200, Mavic 3 Classic until v01.00.0500, Mavic 3 Enterprise until v07.01.10.03, Matrice 300 until v57.00.01.00, Matrice M30 until v07.01.0022 and Mini 3 Pro until v01.00.0620.
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
Herstellerdji
Produkt mavic_3_pro_firmware
Default Statusunknown
Version 0
Version < 01.01.0300
Status affected
Herstellerdji
Produkt mavic_3_firmware
Default Statusunknown
Version 0
Version < 01.00.1200
Status affected
Herstellerdji
Produkt matrice_300_firmware
Default Statusunknown
Version 0
Version < 57.00.01.00
Status affected
Herstellerdji
Produkt matrice_m30_firmware
Default Statusunknown
Version 0
Version < 07.01.0022
Status affected
Herstellerdji
Produkt mini_3_pro_firmware
Default Statusunknown
Version 0
Version < 01.00.0620
Status affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.25% 0.156
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
prodsec@nozominetworks.com 6.8 0.9 5.9
CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-51454/