CVE-2023-6948

CVSS 3.1 Score 3.0 of 10 (low)

Details

Published Apr 2, 2024
CWE ID 120

Summary

CVE-2023-6948 is a vulnerability affecting select DJI drone models, including the Mavic 3 Pro, Mavic 3, Mavic 3 Classic, Mavic 3 Enterprise, Matrice 300, Matrice M30, and Mini 3 Pro. The issue lies in the v2_sdk_service, running on port 10000, which utilizes the libv2_sdk.so library in the dji_vtwo_sdk binary. An attacker can exploit a Buffer Copy without Checking Size of Input flaw in the sdk_printf function, causing the service to crash. This vulnerability, which can lead to a denial-of-service attack, impacts the availability of the affected devices. Versions of the mentioned drones with firmware below v01.01.0300, v01.00.1200, v01.00.0500, v07.01.10.03, v57.00.01.00, v07.01.0022, and v01.00.0620 are reportedly affected.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share