CVE-2024-52876 Information

Description

Holy Stone Remote ID Module HSRID01 firmware distributed with the Drone Go2 mobile application before 1.1.8 allows unauthenticated emote power off\ actions (in broadcast mode) via multiple read operations on the ASTM Remote ID (0xFFFA) GATT.

Reference

https://coalfire.com/the-coalfire-blog/holy-stone-remote-id-vulnerability-disclosure