A command injection issue in dji_sys in DJI Mavic 2 Remote Controller before firmware version 01.00.0510 allows for code execution via a malicious firmware upgrade packet.
oryginał ENCVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HDji Mavic 2
HWDjiwszystkie wersjeDji Mavic 2 Firmware
OSDji< 01.00.0510
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCECommand Injection
CWE
Referencje
Powiązane podatności
CVE-2022-46415CRITICAL9.1ten sam vendor
DJI Spark 01.00.0900 allows remote attackers to prevent legitimate terminal connections by exhausting the DHCP...
CVE-2026-26673HIGH7.5ten sam vendor
An issue in DJI Mavic Mini, Spark, Mavic Air, Mini, Mini SE 0.1.00.0500 and below allows a remote attacker to ...
CVE-2007-1074HIGH9.3ten sam vendor
Multiple buffer overflows in NewsBin Pro 5.33 and NewsBin Pro 4.x allow user-assisted remote attackers to exec...
CVE-2022-29945MEDIUM4.0ten sam vendor
DJI drone devices sold in 2017 through 2022 broadcast unencrypted information about the drone operator's physi...