CVE-2023-51456

Summary

CVE-2023-51456 is an Improper Input Validation vulnerability that affects a range of DJI drone devices, including Mavic 3 Pro, Mavic 3, Mavic 3 Classic, Mavic 3 Enterprise, Matrice 300, Matrice M30, and Mini 3 Pro. The vulnerability exists in the v2_sdk_service running on port 10000 and can be exploited by an attacker through a crafted payload to trigger out-of-bound read/write into the process memory. This vulnerability is due to a missing input sanity check in the v2_pack_array_to_msg function implemented in the libv2_sdk.so library. Exploiting this vulnerability could potentially lead to a memory information leak or arbitrary code execution. It has a base severity rating of MEDIUM and poses a high risk to confidentiality and integrity. Remediation measures should be taken promptly to mitigate the potential impact of this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.