| [Suggested description] | |
| A command injection issue in | |
| dji_sys in DJI Mavic 2 Remote Controller before firmware version 01.00.0510 allows for code execution via a malicious firmware upgrade packet. | |
| ------------------------------------------ | |
| [VulnerabilityType Other] | |
| Command injection | |
| ------------------------------------------ | |
| [Vendor of Product] | |
| DJI | |
| ------------------------------------------ | |
| [Affected Product Code Base] | |
| DJI Mavic 2 Remote Controller - Firmware versions before 01.00.0510 (01.00.0100, 01.00.0200, 01.00.0300, 01.00.0400) | |
| ------------------------------------------ | |
| [Affected Component] | |
| Affected executable: dji_sys | |
| ------------------------------------------ | |
| [Attack Type] | |
| Local | |
| ------------------------------------------ | |
| [Impact Code execution] | |
| true | |
| ------------------------------------------ | |
| [Attack Vectors] | |
| Malicious firmware upgrade packet sent via USB | |
| ------------------------------------------ | |
| [Reference] | |
| http://hacktheplanet.nu/djihax.pdf | |
| http://kth.diva-portal.org/smash/get/diva2:1463784/FULLTEXT01.pdf | |
| https://www.dji.com/mavic-2 | |
| ------------------------------------------ | |
| [Has vendor confirmed or acknowledged the vulnerability?] | |
| true | |
| ------------------------------------------ | |
| [Discoverer] | |
| Viktor Edstroem |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment