Mavic 3 Pro
by Dji
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-51456 | Med | 0.44 | 6.8 | 0.00 | Apr 2, 2024 | A Improper Input Validation issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to trigger an out-of-bound read/write into the process memory through a crafted payload due to a missing input sanity check in the… | ||
| CVE-2023-51454 | Med | 0.44 | 6.8 | 0.00 | Apr 2, 2024 | A Out-of-bounds Write issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to overwrite a pointer in the process memory through a crafted payload triggering an unsafe memory write operation in the my_tcp_receive… | ||
| CVE-2023-6951 | Med | 0.43 | 6.6 | 0.00 | Apr 2, 2024 | A Use of Weak Credentials vulnerability affecting the Wi-Fi network generated by a set of DJI drones could allow a remote attacker to derive the WPA2 PSK key and authenticate without permission to the drone’s Wi- Fi network. This, in turn, allows the attacker to perform… | ||
| CVE-2023-6949 | Med | 0.34 | 5.2 | 0.00 | Apr 2, 2024 | A Missing Authentication for Critical Function issue affecting the HTTP service running on the DJI Mavic Mini 3 Pro on the standard port 80 could allow an attacker to enumerate and download videos and pictures saved on the drone internal or external memory without requiring any… | ||
| CVE-2023-6948 | Low | 0.20 | 3.0 | 0.00 | Apr 2, 2024 | A Buffer Copy without Checking Size of Input issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to cause a crash of the service through a crafted payload triggering a missing input size check in the sdk_printf… | ||
| CVE-2023-51453 | Low | 0.20 | 3.0 | 0.00 | Apr 2, 2024 | A Improper Input Validation issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to cause a crash of the service through a crafted payload triggering a missing input size check in the process_push_file function… |
- risk 0.44cvss 6.8epss 0.00
A Improper Input Validation issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to trigger an out-of-bound read/write into the process memory through a crafted payload due to a missing input sanity check in the…
- risk 0.44cvss 6.8epss 0.00
A Out-of-bounds Write issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to overwrite a pointer in the process memory through a crafted payload triggering an unsafe memory write operation in the my_tcp_receive…
- risk 0.43cvss 6.6epss 0.00
A Use of Weak Credentials vulnerability affecting the Wi-Fi network generated by a set of DJI drones could allow a remote attacker to derive the WPA2 PSK key and authenticate without permission to the drone’s Wi- Fi network. This, in turn, allows the attacker to perform…
- risk 0.34cvss 5.2epss 0.00
A Missing Authentication for Critical Function issue affecting the HTTP service running on the DJI Mavic Mini 3 Pro on the standard port 80 could allow an attacker to enumerate and download videos and pictures saved on the drone internal or external memory without requiring any…
- risk 0.20cvss 3.0epss 0.00
A Buffer Copy without Checking Size of Input issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to cause a crash of the service through a crafted payload triggering a missing input size check in the sdk_printf…
- risk 0.20cvss 3.0epss 0.00
A Improper Input Validation issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to cause a crash of the service through a crafted payload triggering a missing input size check in the process_push_file function…