Key Information

1. Vulnerability name:
   - Holy Stone Remote ID Vulnerability Disclosure
2. Published by:
   - Matt Foster
   - Senior Consultant
   - Cyber Security Services
3. Publication date:
   - November 6, 2024
4. Related solutions:
   - Cybersecurity
5. Vulnerability details:
   - CVE-2024-52876
   - CVSS: 7.1 (AV:A/AC:L/AT:N/PR:N/UI:N/SC:N/VI:N/VA:H/SA:N)
   - Product:
     - Holy Stone Remote ID Module HSRID01
   - Affected versions:
     - Firmware distributed with the Drone Go2 mobile app prior to version 1.1.8
   - Vulnerability description:
     - The remote ID module is vulnerable to remote power off while configured for broadcast mode. Exploitation does not require authentication or user interaction. An attacker can exploit the vulnerability by connecting to the module over Bluetooth and performing multiple read operations on the ASTM Remote ID (0xFFFA) generic attribute profile (GATT).
6. Communication history:
   - July 7, 2024 - Initial disclosure to Holy Stone
   - September 12, 2024 - Acknowledgement from Holy Stone
   - October 3, 2024 - Holy Stone released patch

Related links

Product link: https://store.holystone.com/products/holy-stone-drone-remote-id-module
CVE link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52876