CVE-2023-51455
CVSS 3.1 Score 6.8 of 10 (medium)
Details
Summary
CVE-2023-51455 is a vulnerability affecting certain DJI drone models, including the Mavic 3 Pro, Mavic 3, Mavic 3 Classic, Mavic 3 Enterprise, Matrice 300, Matrice M30, and Mini 3 Pro. The issue lies in the v2_sdk_service running on these devices, which operates on port 10000. The service is implemented by the dji_vtwo_sdk binary, which uses the libv2_sdk.so library; an attacker can exploit an Improper Validation of Array Index in that library's on_receive_session_packet_ack function. This vulnerability potentially enables memory corruption, resulting in memory information leaks or even arbitrary code execution. The affected versions are: Mavic 3 Pro up to v01.01.0300, Mavic 3 up to v01.00.1200, Mavic 3 Classic up to v01.00.0500, Mavic 3 Enterprise up to v07.01.10.03, Matrice 300 up to v57.00.01.00, Matrice M30 up to v07.01.0022, and Mini 3 Pro up to v01.00.0620.