CVE-2023-6951

A Use of Weak Credentials vulnerability affecting the Wi-Fi network generated by a set of DJI drones could allow a remote attacker to derive the WPA2 PSK key and authenticate without permission to the drone’s Wi- Fi network. This, in turn, allows the attacker to perform unauthorized interaction...

CVE-2023-51454

A Out-of-bounds Write issue affecting the v2sdkservice running on a set of DJI drone devices on the port 10000 could allow an attacker to overwrite a pointer in the process memory through a crafted payload triggering an unsafe memory write operation in the mytcpreceive function implemented in the...

CVE-2023-6948

A Buffer Copy without Checking Size of Input issue affecting the v2sdkservice running on a set of DJI drone devices on the port 10000 could allow an attacker to cause a crash of the service through a crafted payload triggering a missing input size check in the sdkprintf function implemented in th...

CVE-2023-51453

A Improper Input Validation issue affecting the v2sdkservice running on a set of DJI drone devices on the port 10000 could allow an attacker to cause a crash of the service through a crafted payload triggering a missing input size check in the processpushfile function implemented in the libv2sdk....

CVE-2023-51452

A Improper Input Validation issue affecting the v2sdkservice running on a set of DJI drone devices on the port 10000 could allow an attacker to cause a crash of the service through a crafted payload triggering a missing input size check in the pullfilev2proc function implemented in the libv2sdk.s...

CVE-2023-51456

CVE-2023-51456 affects DJI drone devices via an Improper Input Validation in the v2_pack_array_to_msg function of libv2_sdk.so used by the v2_sdk_service on port 10000. The issue allows out-of-bounds read/write in memory, risking memory information leaks or arbitrary code execution. Affected: Mav...

CVE-2023-51455

CVE-2023-51455 concerns an Improper Validation of Array Index in the v2_sdk_service on DJI devices, specifically in the on_receive_session_packet_ack function of libv2_sdk.so used by the dji_vtwo_sdk service and exposed on port 10000. Affected devices/versions include Mavic 3 Pro < v01.01.0300...

CVE-2023-51455

A Improper Validation of Array Index issue affecting the v2sdkservice running on a set of DJI drone devices on the port 10000 could allow an attacker to corrupt a controlled memory location due to a missing input validation in the onreceivesessionpacketack function implemented in the libv2sdk.so...

CVE-2023-51454

A Out-of-bounds Write issue affecting the v2sdkservice running on a set of DJI drone devices on the port 10000 could allow an attacker to overwrite a pointer in the process memory through a crafted payload triggering an unsafe memory write operation in the mytcpreceive function implemented in the...

CVE-2023-51454

The CVE-2023-51454 entry is supported by concrete details across connected sources: an out-of-bounds write in the v2_sdk_service listening on port 10000 of several DJI devices, caused by an unsafe memory write in my_tcp_receive in libv2_sdk.so. Affected are Mavic 3 Pro (< v01.01.0300), Mavic 3...

CVE-2023-51452

A Improper Input Validation issue affecting the v2sdkservice running on a set of DJI drone devices on the port 10000 could allow an attacker to cause a crash of the service through a crafted payload triggering a missing input size check in the pullfilev2proc function implemented in the libv2sdk.s...

CVE-2023-6951

A Use of Weak Credentials vulnerability affecting the Wi-Fi network generated by a set of DJI drones could allow a remote attacker to derive the WPA2 PSK key and authenticate without permission to the drone’s Wi- Fi network. This, in turn, allows the attacker to perform unauthorized interaction...

CVE-2023-6951

CVE-2023-6951 concerns a Use of Weak Credentials affecting DJI drone Wi‑Fi networks (Mavic 3 Pro <= v01.01.0300, Mavic 3 <= v01.00.1200, Mavic 3 Classic <= v01.00.0500, Mavic 3 Enterprise <= v07.01.10.03, Matrice 300 <= v57.00.01.00, Matrice M30 <= v07.01.0022, Mini 3 Pro

CVE-2023-6951

A Use of Weak Credentials vulnerability affecting the Wi-Fi network generated by a set of DJI drones could allow a remote attacker to derive the WPA2 PSK key and authenticate without permission to the drone’s Wi- Fi network. This, in turn, allows the attacker to perform unauthorized interaction...

CVE-2023-6948

CVE-2023-6948 affects DJI drone devices running v2_sdk_service on port 10000. The issue is a Buffer Copy without Checking Size of Input in sdk_printf within libv2_sdk.so used by the dji_vtwo_sdk binary, enabling a crafted payload to crash the service and cause denial of service (availability impa...

CVE-2023-6948

A Buffer Copy without Checking Size of Input issue affecting the v2sdkservice running on a set of DJI drone devices on the port 10000 could allow an attacker to cause a crash of the service through a crafted payload triggering a missing input size check in the sdkprintf function implemented in th...

PT-2024-14131 · Dji · Dji Vtwo Sdk +9

Name of the Vulnerable Software and Affected Versions: DJI Mavic 3 Pro versions prior to v01.01.0300 DJI Mavic 3 versions prior to v01.00.1200 DJI Mavic 3 Classic versions prior to v01.00.0500 DJI Mavic 3 Enterprise versions prior to v07.01.10.03 DJI Matrice 300 versions prior to v57.00.01.00 DJI...

DJI Mavic和Matrice 安全漏洞

DJI Mavic and DJI Matrice are both products of the Chinese company DJI.DJI Mavic is a series of drones.DJI Matrice is a series of commercial drone platforms. A security vulnerability exists in the DJI Mavic 3, Matrice 300, and Matrice M30 that stems from the presence of an incorrect input...

DJI Mavic和Matrice 安全漏洞

DJI Mavic and DJI Matrice are both products of the Chinese company DJI.DJI Mavic is a series of drones.DJI Matrice is a series of commercial drone platforms. A security vulnerability exists in the DJI Mavic 3, Matrice 300, and Matrice M30 that stems from the presence of an incorrect input...

DJI Mavic和Matrice安全漏洞

DJI Mavic and DJI Matrice are both products of the Chinese company DJI.DJI Mavic is a series of drones.DJI Matrice is a series of commercial drone platforms. A security vulnerability exists in the DJI Mavic 3, Matrice 300, and Matrice M30 that stems from the presence of an incorrect index...