CVE-2021-34125

moderate-risk
Published 2023-03-09

An issue discovered in Yuneec Mantis Q and PX4-Autopilot v 1.11.3 and below allow attacker to gain access to sensitive information via various nuttx commands.

Do I need to act?

-
0.61% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (2)

Mantis Q Firmware

Affected Vendors

Dronecode Yuneec

References (16)

Exploit https://gist.github.com/swkim101/f473b9a60e6d4635268402a2cd2025ac
Exploit https://github.com/PX4/PX4-Autopilot/issues/17062
Patch https://github.com/PX4/PX4-Autopilot/pull/17264/commits/555f900cf52c0057e4c429ff...
Patch https://github.com/apache/incubator-nuttx-apps/pull/647/commits/2fc1157f8585acc3...
Patch https://github.com/apache/incubator-nuttx/pull/3292/commits/016873788280ca815ba8...
Product https://nuttx.apache.org/
Product https://nuttx.apache.org/docs/latest/applications/nsh/commands.html#access-memor...
Product https://www.st.com/resource/en/application_note/dm00493651-introduction-to-stm32...
Exploit https://gist.github.com/swkim101/f473b9a60e6d4635268402a2cd2025ac
Exploit https://github.com/PX4/PX4-Autopilot/issues/17062
Patch https://github.com/PX4/PX4-Autopilot/pull/17264/commits/555f900cf52c0057e4c429ff...
Patch https://github.com/apache/incubator-nuttx-apps/pull/647/commits/2fc1157f8585acc3...
Patch https://github.com/apache/incubator-nuttx/pull/3292/commits/016873788280ca815ba8...
Product https://nuttx.apache.org/
Product https://nuttx.apache.org/docs/latest/applications/nsh/commands.html#access-memor...
Product https://www.st.com/resource/en/application_note/dm00493651-introduction-to-stm32...
35
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 2/34 · Minimal
Exposure 7/34 · Low