CVE-2023-51456

CVSS 3.1 Score 6.8 of 10 (medium)

Details

Published Apr 2, 2024
CWE ID 20

Summary

CVE-2023-51456 is an Improper Input Validation vulnerability that affects a range of DJI drone devices, including Mavic 3 Pro, Mavic 3, Mavic 3 Classic, Mavic 3 Enterprise, Matrice 300, Matrice M30, and Mini 3 Pro. The vulnerability exists in the v2_sdk_service running on port 10000 and can be exploited by an attacker through a crafted payload to trigger out-of-bound read/write into the process memory. This vulnerability is due to a missing input sanity check in the v2_pack_array_to_msg function implemented in the libv2_sdk.so library. Exploiting this vulnerability could potentially lead to a memory information leak or arbitrary code execution. It has a base severity rating of MEDIUM and poses a high risk to confidentiality and integrity. Remediation measures should be taken promptly to mitigate the potential impact of this vulnerability.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-51456 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options