6.8

CVE-2023-51454

A Out-of-bounds Write issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to overwrite a pointer in the process memory through a crafted payload triggering an unsafe memory write operation in the my_tcp_receive function implemented in the libv2_sdk.so library used by the dji_vtwo_sdk binary implementing the service, potentially leading to a memory information leak or to an arbitrary code execution. Affected models are Mavic 3 Pro until v01.01.0300, Mavic 3 until v01.00.1200, Mavic 3 Classic until v01.00.0500, Mavic 3 Enterprise until v07.01.10.03, Matrice 300 until v57.00.01.00, Matrice M30 until v07.01.0022 and Mini 3 Pro until v01.00.0620.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
Herstellerdji
Produkt mavic_3_pro_firmware
Default Statusunknown
Version < 01.01.0300
Version 0
Status affected
Herstellerdji
Produkt mavic_3_firmware
Default Statusunknown
Version < 01.00.1200
Version 0
Status affected
Herstellerdji
Produkt matrice_300_firmware
Default Statusunknown
Version < 57.00.01.00
Version 0
Status affected
Herstellerdji
Produkt matrice_m30_firmware
Default Statusunknown
Version < 07.01.0022
Version 0
Status affected
Herstellerdji
Produkt mini_3_pro_firmware
Default Statusunknown
Version < 01.00.0620
Version 0
Status affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.09% 0.253
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
prodsec@nozominetworks.com 6.8 0.9 5.9
CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.