CVE-2023-51453

CVSS 3.1 Score 3.0 of 10 (low)

Details

Published Apr 2, 2024
CWE ID 20

Summary

CVE-2023-51453 is a vulnerability affecting select DJI drone models, including Mavic 3 Pro, Mavic 3, Mavic 3 Classic, Mavic 3 Enterprise, Matrice 300, Matrice M30, and Mini 3 Pro. It stems from improper input validation in the v2_sdk_service on port 10000: the process_push_file function in the libv2_sdk.so library is missing an input size check, so a maliciously crafted payload can cause the service to crash. The result is a denial of service that compromises the availability of the affected drone devices. Models with firmware versions below v01.01.0300 for Mavic 3 Pro, v01.00.1200 for Mavic 3, v01.00.0500 for Mavic 3 Classic, v07.01.10.03 for Mavic 3 Enterprise, v57.00.01.00 for Matrice 300, v07.01.0022 for Matrice M30, and v01.00.0620 for Mini 3 Pro are potentially affected.
