Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
PX4 Autopilot MAVLink FTP Unauthenticated Path Traversal (Arbitrary File Read/Write/Delete)
Vulnerability Description
PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, An unauthenticated path traversal vulnerability in the PX4 Autopilot MAVLink FTP implementation allows any MAVLink peer to read, write, create, delete, and rename arbitrary files on the flight controller filesystem without authentication. On NuttX targets, the FTP root directory is an empty string, meaning attacker-supplied paths are passed directly to filesystem syscalls with no prefix or sanitization for read operations. On POSIX targets (Linux companion computers, SITL), the write-path validation function unconditionally returns true, providing no protection. A TOCTOU race condition in the write validation on NuttX further allows bypassing the only existing guard. This vulnerability is fixed in 1.17.0-rc2.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
PX4-Autopilot 路径遍历漏洞
Vulnerability Description
PX4-Autopilot是PX4 Autopilot开源的一个无人机自动驾驶系统。 PX4-Autopilot 1.17.0-rc2之前版本存在路径遍历漏洞,该漏洞源于PX4 Autopilot MAVLink FTP实现中存在未经验证的路径遍历,可能导致任何MAVLink对等方无需身份验证即可对飞行控制器文件系统上的任意文件进行读写操作。
CVSS Information
N/A
Vulnerability Type
N/A