CVE-2023-51455

Summary

CVE-2023-51455 is an Improper Validation of Array Index vulnerability that affects DJI drone devices running the v2_sdk_service on port 10000. The vulnerability resides in the libv2_sdk.so library used by the dji_vtwo_sdk binary, specifically in the on_receive_session_packet_ack function. This flaw allows an attacker to corrupt a controlled memory location due to missing input validation, potentially leading to a memory information leak or arbitrary code execution. The affected drone models include Mavic 3 Pro, Mavic 3, Mavic 3 Classic, Mavic 3 Enterprise, Matrice 300, Matrice M30, and Mini 3 Pro. To remediate this vulnerability, users should update their affected drone models to the specified firmware versions. This vulnerability poses a medium risk with high integrity and confidentiality impacts as it could allow attackers to gain unauthorized access to sensitive information or execute malicious code on the affected devices.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.