HIGH🇬🇧 English

CVE-2020-29664

CVSS 7.8v3.1pub. 2021-02-18upd. 2024-11-21

A command injection issue in dji_sys in DJI Mavic 2 Remote Controller before firmware version 01.00.0510 allows for code execution via a malicious firmware upgrade packet.

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Dji Mavic 2

    HW
    Dji
    wszystkie wersje
  • Dji Mavic 2 Firmware

    OS
    Dji
    < 01.00.0510
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCECommand Injection
CWE
Referencje

Powiązane podatności

CVE-2022-46415CRITICAL9.1ten sam vendor

DJI Spark 01.00.0900 allows remote attackers to prevent legitimate terminal connections by exhausting the DHCP...

CVE-2026-26673HIGH7.5ten sam vendor

An issue in DJI Mavic Mini, Spark, Mavic Air, Mini, Mini SE 0.1.00.0500 and below allows a remote attacker to ...

CVE-2007-1074HIGH9.3ten sam vendor

Multiple buffer overflows in NewsBin Pro 5.33 and NewsBin Pro 4.x allow user-assisted remote attackers to exec...

CVE-2022-29945MEDIUM4.0ten sam vendor

DJI drone devices sold in 2017 through 2022 broadcast unencrypted information about the drone operator's physi...