CVE-2023-6950

LOW Year: 2023
CVSS v3 Score
3.0
Low
Weakness Type
CWE-1286
View all →

Vulnerability Description

An Improper Input Validation vulnerability affecting the FTP service running on the DJI Mavic Mini 3 Pro could allow an attacker to craft a malicious packet containing a malformed path provided to the FTP SIZE command that leads to a denial-of-service attack of the FTP service itself.

Related Vulnerabilities

CVE-2024-8160

LOW
CVSS:3.8(Low)

Erik de Jong, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API ftptest.cgi did not have a sufficient input validation allowing for a possible command injection leading to being a...

CWE-12862024

CVE-2020-16220

MEDIUM
CVSS:4.3(Medium)

In Patient Information Center iX (PICiX) Versions C.02, C.03, PerformanceBridge Focal Point Version A.01, the product receives input that is expected to be well-formed (i.e., to comply with a certain ...

CWE-12862020

CVE-2023-24015

MEDIUM
CVSS:4.3(Medium)

A partial DoS vulnerability has been detected in the Reports section, exploitable by a malicious authenticated user forcing a report to be saved with its name set as null. The reports section will be ...

CWE-12862023

CVE-2024-8772

MEDIUM
CVSS:4.3(Medium)

51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API managedoverlayimages.cgi was vulnerable to a race condition attack allowing for an attacker to block access to the overl...

CWE-12862024

CVE-2023-23903

MEDIUM
CVSS:4.9(Medium)

An authenticated administrator can upload a SAML configuration file with the wrong format, with the application not checking the correct file format. Every subsequent application request will return a...

CWE-12862023

CVE-2021-31988

HIGH
CVSS:8.8(High)

A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to add the Carriage Return and Line Feed (CRLF) control characters and include arbitrary SM...

CWE-12862021