Vulnerability Details CVE-2020-29664
A command injection issue in dji_sys in DJI Mavic 2 Remote Controller before firmware version 01.00.0510 allows for code execution via a malicious firmware upgrade packet.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 63.4%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 7.2
References
- http://hacktheplanet.nu/djihax.pdf
- http://kth.diva-portal.org/smash/get/diva2:1463784/FULLTEXT01.pdf
- https://gist.github.com/viktoredstrom/2f0463ebe7cd786904f229e11386e817
- https://www.dji.com/mavic-2
- http://hacktheplanet.nu/djihax.pdf
- http://kth.diva-portal.org/smash/get/diva2:1463784/FULLTEXT01.pdf
- https://gist.github.com/viktoredstrom/2f0463ebe7cd786904f229e11386e817
- https://www.dji.com/mavic-2
Products affected by CVE-2020-29664
-
cpe:2.3:h:dji:mavic_2:-
-
cpe:2.3:o:dji:mavic_2_firmware:*