VYPR
Low severity 3.0 · NVD Advisory · Published Apr 2, 2024 · Updated Apr 15, 2026

CVE-2023-6948

Description

A buffer overflow in DJI drone v2_sdk_service allows adjacent attackers to crash the service, causing denial of service.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability Overview

The vulnerability is a buffer copy without checking the size of the input (CWE-120) in the v2_sdk_service running on port 10000 of certain DJI drone models. The issue exists in the sdk_printf function within the libv2_sdk.so library, which is used by the dji_vtwo_sdk binary. Because the input size is not checked, a crafted payload causes a buffer overflow that crashes the service [1].

Attack Vector

An attacker on the same network (adjacent) can send a specially crafted payload to port 10000 to exploit the flaw. The CVSS vector indicates low attack complexity, that some privileges are required (PR:L), and that user interaction is required (UI:R), but the advisory notes that an attacker can cause a denial of service without authentication beyond network access [1].

Impact

Successful exploitation results in a crash of the v2_sdk_service, leading to a denial of service (availability impact). No confidentiality or integrity compromise is reported. Affected models include Mavic 3 Pro, Mavic 3, Mavic 3 Classic, Mavic 3 Enterprise, Matrice 300, Matrice M30, and Mini 3 Pro on vulnerable firmware versions [1].

Mitigation

Users should upgrade the firmware of affected drones to the latest versions provided by DJI. Specific patched versions are listed in the advisory; for example, Mavic 3 Pro must be updated to v01.01.0300 or later. No workaround is available apart from updating [1].

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 6

Patches: 0

No patches discovered yet.

References: 1
