CVE-2023-51453

Name of the Vulnerable Software and Affected Versions DJI Mavic 3 Pro versions prior to v01.01.0300 DJI Mavic 3 versions prior to v01.00.1200 DJI Mavic 3 Classic versions prior to v01.00.0500 DJI Mavic 3 Enterprise versions prior to v07.01.10.03 DJI Matrice 300 versions prior to v57.00.01.00 DJI Matrice M30 versions prior to v07.01.0022 DJI Mini 3 Pro versions prior to v01.00.0620

Description An Improper Input Validation issue affects the v2 sdk service running on a set of DJI drone devices on the port 10000. This issue could allow an attacker to cause a crash of the service through a crafted payload, triggering a missing input size check in the process push file function implemented in the libv2 sdk.so library used by the dji vtwo sdk binary. This compromises the service in terms of availability and produces a denial-of-service attack.

Recommendations For DJI Mavic 3 Pro versions prior to v01.01.0300, update to version v01.01.0300 or later. For DJI Mavic 3 versions prior to v01.00.1200, update to version v01.00.1200 or later. For DJI Mavic 3 Classic versions prior to v01.00.0500, update to version v01.00.0500 or later. For DJI Mavic 3 Enterprise versions prior to v07.01.10.03, update to version v07.01.10.03 or later. For DJI Matrice 300 versions prior to v57.00.01.00, update to version v57.00.01.00 or later. For DJI Matrice M30 versions prior to v07.01.0022, update to version v07.01.0022 or later. For DJI Mini 3 Pro versions prior to v01.00.0620, update to version v01.00.0620 or later. As a temporary workaround, consider disabling the process push file function until a patch is available. Restrict access to the libv2 sdk.so library to minimize the risk of exploitation. Avoid using the vulnerable v2 sdk service on port 10000 until the issue is resolved.