CVE-2023-51456
CVSS 3.1 Score 6.8 of 10 (medium)
Details
Summary
CVE-2023-51456 is a vulnerability affecting several DJI drone models, including Mavic 3 Pro, Mavic 3, Mavic 3 Classic, Mavic 3 Enterprise, Matrice 300, Matrice M30, and Mini 3 Pro. The issue lies in the v2_sdk_service, which runs on these devices on port 10000. The v2_pack_array_to_msg function in the libv2_sdk.so library is missing input sanity checks (Improper Input Validation), so an attacker can trigger an out-of-bounds read/write in the process memory. This could result in a memory information leak or arbitrary code execution. The affected versions are Mavic 3 Pro up to v01.01.0300, Mavic 3 up to v01.00.1200, Mavic 3 Classic up to v01.00.0500, Mavic 3 Enterprise up to v07.01.10.03, Matrice 300 up to v57.00.01.00, Matrice M30 up to v07.01.0022, and Mini 3 Pro up to v01.00.0620.