[Suggested description]
A command injection issue in dji_sys in DJI Mavic 2 Remote Controller before firmware version 01.00.0510 allows for code execution via a malicious firmware upgrade packet.
------------------------------------------
[VulnerabilityType Other]
Command injection
------------------------------------------
[Vendor of Product]
DJI
------------------------------------------
[Affected Product Code Base]
DJI Mavic 2 Remote Controller - Firmware versions before 01.00.0510 (01.00.0100, 01.00.0200, 01.00.0300, 01.00.0400)
------------------------------------------
[Affected Component]
Affected executable: dji_sys
------------------------------------------
[Attack Type]
Local
------------------------------------------
[Impact Code execution]
true
------------------------------------------
[Attack Vectors]
Malicious firmware upgrade packet sent via USB
------------------------------------------
[Reference]
http://hacktheplanet.nu/djihax.pdf
http://kth.diva-portal.org/smash/get/diva2:1463784/FULLTEXT01.pdf
https://www.dji.com/mavic-2
------------------------------------------
[Has vendor confirmed or acknowledged the vulnerability?]
true
------------------------------------------
[Discoverer]
Viktor Edstroem