CVE-2023-51456: Improper input validation in DJI v2_sdk_service (libv2_sdk.so) running on port 10000 allows an attacker on an adjacent network to trigger an out-of-bounds read/write via a crafted payload, potentially causing memory information disclosure or arbitrary code execution across multiple DJI drone models.


Description Preview

This CVE describes an Improper Input Validation vulnerability in the v2_sdk_service that is present on a range of DJI drones. The issue arises from a missing input sanity check in the v2_pack_array_to_msg function within the libv2_sdk.so library, which is imported by the v2_sdk_service binary that implements the service. An attacker connected to the same network segment (adjacent network) can send a crafted payload to port 10000, which may cause an out-of-bounds read or write in the service’s memory. This could lead to memory information leakage or arbitrary code execution on the affected device. Affected models include Mavic 3 Pro (up to 01.01.0300), Mavic 3 (up to 01.00.1200), Mavic 3 Classic (up to 01.00.0500), Mavic 3 Enterprise (up to 07.01.10.03), Matrice 300 (up to 57.00.01.00), Matrice M30 (up to 07.01.0022), and Mini 3 Pro (up to 01.00.0620). The CVSS v3.1 metrics indicate an adjacent-network attack vector and high impact on confidentiality, integrity, and availability, with high attack complexity, low privileges required, and user interaction required.

Overview

The vulnerability is triggered by malformed input to the v2_sdk_service on port 10000, owing to missing input validation in v2_pack_array_to_msg within libv2_sdk.so. When exploited by an attacker on the same network, this can cause an out-of-bounds memory access in the service, potentially leaking memory contents or allowing arbitrary code execution. A broad set of DJI devices is affected, spanning several consumer and enterprise lines, with a moderate overall risk score reflecting the potential for remote compromise under certain conditions.

Remediation

  • Update to patched firmware as soon as available:
    • Mavic 3 Pro: upgrade to 01.01.0300 or newer.
    • Mavic 3: upgrade to 01.00.1200 or newer.
    • Mavic 3 Classic: upgrade to 01.00.0500 or newer.
    • Mavic 3 Enterprise: upgrade to 07.01.10.03 or newer.
    • Matrice 300: upgrade to 57.00.01.00 or newer.
    • Matrice M30: upgrade to 07.01.0022 or newer.
    • Mini 3 Pro: upgrade to 01.00.0620 or newer.
  • If you cannot immediately patch, mitigate exposure:
    • Restrict or disable external access to port 10000 on affected devices (e.g., firewall rules, network segmentation, or isolation of drones from untrusted networks).
    • Limit adjacent-network access to the affected devices and monitor network traffic for unusual activity.
    • Apply compensating controls as recommended by the vendor and monitor for announced mitigations or temporary workarounds.
  • Validate after patching:
    • Confirm the firmware version reflects the patched release.
    • Run baseline connectivity checks and monitor for any anomalous behavior on port 10000.
  • Contact the vendor for confirmation of fixes and guidance, and monitor advisory updates for any additional remediation steps.
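The monitoring items above (watch traffic to port 10000 on affected devices, both as a stop-gap and after patching) can be turned into a simple allowlist check. The following is an added example, not part of the advisory or any DJI tooling: it scans constructed Zeek-style conn.log lines and flags any connection to the v2_sdk_service port on a known drone that did not come from the approved controller subnet. The drone addresses, the controller subnet and the log lines are made-up sample values.

```python
"""Flag unexpected connections to the DJI v2_sdk_service port (10000).

Added example (not DJI or advisory code). Input is a subset of Zeek conn.log
columns, tab-separated: ts, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

SDK_PORT = 10000  # port the advisory names for v2_sdk_service

# Constructed inventory: which hosts are drones, and which subnet may reach them.
DRONES = {"10.20.0.50", "10.20.0.51"}
ALLOWED_PEERS = [ip_network("10.20.0.8/29")]  # hypothetical ground-station segment

# Constructed sample log lines (Zeek conn.log subset, tab-separated).
SAMPLE_LOG = """\
#fields\tts\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto
1700000000.1\t10.20.0.10\t51000\t10.20.0.50\t10000\ttcp
1700000001.2\t10.20.0.77\t40022\t10.20.0.50\t10000\ttcp
1700000002.3\t10.20.0.10\t51001\t10.20.0.51\t10000\ttcp
1700000003.4\t10.20.0.88\t40100\t10.20.0.51\t10000\ttcp
1700000004.5\t10.20.0.77\t40023\t10.20.0.50\t22\ttcp
"""


@dataclass(frozen=True)
class Alert:
    ts: float
    src: str
    dst: str


def parse_line(line):
    """Split one conn.log data line into (ts, src, dst, dport, proto)."""
    ts, src, _sport, dst, dport, proto = line.rstrip("\n").split("\t")
    return float(ts), src, dst, int(dport), proto


def find_unexpected_sdk_access(log_text, drones=DRONES, allowed=ALLOWED_PEERS):
    """Return alerts for port-10000 connections to a drone from outside the allowlist."""
    alerts = []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):  # skip Zeek header/comment lines
            continue
        ts, src, dst, dport, _proto = parse_line(line)
        if dst not in drones or dport != SDK_PORT:
            continue
        if not any(ip_address(src) in net for net in allowed):
            alerts.append(Alert(ts, src, dst))
    return alerts


if __name__ == "__main__":
    for a in find_unexpected_sdk_access(SAMPLE_LOG):
        print(f"{a.ts}: v2_sdk_service on {a.dst} reached from unexpected host {a.src}")
```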

References

  • Nozomi Networks vulnerability advisory for CVE-2023-51456: https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-51456/

Industry Exposure (most to least)
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Accommodation & Food Services: Low
  2. Administrative, Support, Waste Management & Remediation Services: Low
  3. Agriculture, Forestry, Fishing & Hunting: Low
  4. Arts, Entertainment & Recreation: Low
  5. Construction: Low
  6. Educational Services: Low
  7. Finance and Insurance: Low
  8. Health Care & Social Assistance: Low
  9. Information: Low
  10. Management of Companies & Enterprises: Low
  11. Manufacturing: Low
  12. Mining: Low
  13. Other Services (except Public Administration): Low
  14. Professional, Scientific, & Technical Services: Low
  15. Public Administration: Low
  16. Real Estate Rental & Leasing: Low
  17. Retail Trade: Low
  18. Transportation & Warehousing: Low
  19. Utilities: Low
  20. Wholesale Trade: Low
