PT-2021-11706 · Dji · Dji Mavic 2 Remote Controller

Viktor Edstroem

Published

2021-02-18

Updated

2021-07-21

CVE-2020-29664

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: DJI Mavic 2 Remote Controller versions prior to 01.00.0510

Description: A command injection issue in dji sys allows for code execution via a malicious firmware upgrade packet. This issue enables attackers to execute arbitrary code on the device.

Recommendations: For versions prior to 01.00.0510, update the firmware to version 01.00.0510 or later to resolve the issue. As a temporary workaround, consider restricting access to firmware upgrades from untrusted sources to minimize the risk of exploitation.

Exploit

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2020-29664

Affected Products

Dji Mavic 2 Remote Controller

PT-2021-11706 · Dji · Dji Mavic 2 Remote Controller

CVE-2020-29664

Weakness Enumeration

Related Identifiers

Affected Products

References · 8