22 matches found
CVE-2023-6951
A Use of Weak Credentials vulnerability affecting the Wi-Fi network generated by a set of DJI drones could allow a remote attacker to derive the WPA2 PSK key and authenticate without permission to the drone’s Wi- Fi network. This, in turn, allows the attacker to perform unauthorized interaction...
CVE-2023-51453
A Improper Input Validation issue affecting the v2sdkservice running on a set of DJI drone devices on the port 10000 could allow an attacker to cause a crash of the service through a crafted payload triggering a missing input size check in the processpushfile function implemented in the libv2sdk....
CVE-2023-51454
A Out-of-bounds Write issue affecting the v2sdkservice running on a set of DJI drone devices on the port 10000 could allow an attacker to overwrite a pointer in the process memory through a crafted payload triggering an unsafe memory write operation in the mytcpreceive function implemented in the...
CVE-2023-6948
A Buffer Copy without Checking Size of Input issue affecting the v2sdkservice running on a set of DJI drone devices on the port 10000 could allow an attacker to cause a crash of the service through a crafted payload triggering a missing input size check in the sdkprintf function implemented in th...
CVE-2023-51452
A Improper Input Validation issue affecting the v2sdkservice running on a set of DJI drone devices on the port 10000 could allow an attacker to cause a crash of the service through a crafted payload triggering a missing input size check in the pullfilev2proc function implemented in the libv2sdk.s...
CVE-2023-51456
CVE-2023-51456 affects DJI drone devices via an Improper Input Validation in the v2_pack_array_to_msg function of libv2_sdk.so used by the v2_sdk_service on port 10000. The issue allows out-of-bounds read/write in memory, risking memory information leaks or arbitrary code execution. Affected: Mav...
CVE-2023-51455
A Improper Validation of Array Index issue affecting the v2sdkservice running on a set of DJI drone devices on the port 10000 could allow an attacker to corrupt a controlled memory location due to a missing input validation in the onreceivesessionpacketack function implemented in the libv2sdk.so...
CVE-2023-51455
CVE-2023-51455 concerns an Improper Validation of Array Index in the v2_sdk_service on DJI devices, specifically in the on_receive_session_packet_ack function of libv2_sdk.so used by the dji_vtwo_sdk service and exposed on port 10000. Affected devices/versions include Mavic 3 Pro < v01.01.0300...
CVE-2023-51454
The CVE-2023-51454 entry is supported by concrete details across connected sources: an out-of-bounds write in the v2_sdk_service listening on port 10000 of several DJI devices, caused by an unsafe memory write in my_tcp_receive in libv2_sdk.so. Affected are Mavic 3 Pro (< v01.01.0300), Mavic 3...
CVE-2023-51454
A Out-of-bounds Write issue affecting the v2sdkservice running on a set of DJI drone devices on the port 10000 could allow an attacker to overwrite a pointer in the process memory through a crafted payload triggering an unsafe memory write operation in the mytcpreceive function implemented in the...
CVE-2023-51452
A Improper Input Validation issue affecting the v2sdkservice running on a set of DJI drone devices on the port 10000 could allow an attacker to cause a crash of the service through a crafted payload triggering a missing input size check in the pullfilev2proc function implemented in the libv2sdk.s...
CVE-2023-6951
A Use of Weak Credentials vulnerability affecting the Wi-Fi network generated by a set of DJI drones could allow a remote attacker to derive the WPA2 PSK key and authenticate without permission to the drone’s Wi- Fi network. This, in turn, allows the attacker to perform unauthorized interaction...
CVE-2023-6951
A Use of Weak Credentials vulnerability affecting the Wi-Fi network generated by a set of DJI drones could allow a remote attacker to derive the WPA2 PSK key and authenticate without permission to the drone’s Wi- Fi network. This, in turn, allows the attacker to perform unauthorized interaction...
CVE-2023-6951
CVE-2023-6951 concerns a Use of Weak Credentials affecting DJI drone Wi‑Fi networks (Mavic 3 Pro <= v01.01.0300, Mavic 3 <= v01.00.1200, Mavic 3 Classic <= v01.00.0500, Mavic 3 Enterprise <= v07.01.10.03, Matrice 300 <= v57.00.01.00, Matrice M30 <= v07.01.0022, Mini 3 Pro
CVE-2023-6948
CVE-2023-6948 affects DJI drone devices running v2_sdk_service on port 10000. The issue is a Buffer Copy without Checking Size of Input in sdk_printf within libv2_sdk.so used by the dji_vtwo_sdk binary, enabling a crafted payload to crash the service and cause denial of service (availability impa...
DJI Mavic和Matrice 安全漏洞
DJI Mavic and DJI Matrice are both products of the Chinese company DJI.DJI Mavic is a series of drones.DJI Matrice is a series of commercial drone platforms. A security vulnerability exists in the DJI Mavic 3, Matrice 300, and Matrice M30 that stems from the presence of an incorrect input...
DJI Mavic和Matrice 安全漏洞
DJI Mavic and DJI Matrice are both products of the Chinese company DJI.DJI Mavic is a series of drones.DJI Matrice is a series of commercial drone platforms. A security vulnerability exists in the DJI Mavic 3, Matrice 300, and Matrice M30 that stems from a buffer that does not check the size of...
DJI Mavic和Matrice 安全漏洞
DJI Mavic and DJI Matrice are both products of the Chinese company DJI.DJI Mavic is a series of drones.DJI Matrice is a series of commercial drone platforms. A security vulnerability exists in the DJI Mavic 3, Matrice 300, and Matrice M30 that stems from the presence of an out-of-bounds write...
DJI Mavic和Matrice 安全漏洞
DJI Mavic and DJI Matrice are both products of the Chinese company DJI.DJI Mavic is a series of drones.DJI Matrice is a series of commercial drone platforms. A security vulnerability exists in the DJI Mavic 3, Matrice 300, and Matrice M30 that stems from the presence of an incorrect input...
DJI Mavic和Matrice 安全漏洞
DJI Mavic and DJI Matrice are both products of the Chinese company DJI.DJI Mavic is a series of drones.DJI Matrice is a series of commercial drone platforms. A security vulnerability exists in the DJI Mavic 3, Matrice 300, and Matrice M30 that stems from the presence of an incorrect input...