PT-2024-35473 · Holy Stone · Drone Go2
Matt Foster · Published 2024-11-16 · Updated 2024-12-18
CVE-2024-52876
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
Holy Stone Remote ID Module HSRID01, firmware distributed with the Drone Go2 mobile application before version 1.1.8
Description:
The issue allows unauthenticated "remote power off" actions in broadcast mode via multiple read operations on the ASTM Remote ID (0xFFFA) GATT. This can be exploited through the Drone Go2 mobile application.
Recommendations:
Update the firmware of the Holy Stone Remote ID Module HSRID01 (distributed with the Drone Go2 mobile application) to version 1.1.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the ASTM Remote ID (0xFFFA) GATT to minimize the risk of exploitation.
Fix
Out of bounds Read
Weakness Enumeration
Related Identifiers
Affected Products
Drone Go2
Holy Stone Remote ID Module HSRID01