{"id":"CVE-2021-34125","details":"An issue discovered in Yuneec Mantis Q and PX4-Autopilot v 1.11.3 and below allow attacker to gain access to sensitive information via various nuttx commands.","modified":"2026-05-18T20:49:25.564082Z","published":"2023-03-09T23:15:10.657Z","references":[{"type":"WEB","url":"https://nuttx.apache.org/"},{"type":"WEB","url":"https://nuttx.apache.org/docs/latest/applications/nsh/commands.html#access-memory-mb-mh-and-mw"},{"type":"WEB","url":"https://www.st.com/resource/en/application_note/dm00493651-introduction-to-stm32-microcontrollers-security-stmicroelectronics.pdf"},{"type":"REPORT","url":"https://github.com/PX4/PX4-Autopilot/issues/17062"},{"type":"FIX","url":"https://github.com/PX4/PX4-Autopilot/pull/17264/commits/555f900cf52c0057e4c429ff3699c91911a21cab"},{"type":"FIX","url":"https://github.com/apache/incubator-nuttx-apps/pull/647/commits/2fc1157f8585acc39f13a31612ebf890f41e76ca"},{"type":"FIX","url":"https://github.com/apache/incubator-nuttx/pull/3292/commits/016873788280ca815ba886195535bbe601de6e48"},{"type":"EVIDENCE","url":"https://gist.github.com/swkim101/f473b9a60e6d4635268402a2cd2025ac"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/px4/px4-autopilot","events":[{"introduced":"0"},{"last_affected":"a6274bc5ed01e5c86af79f89890689c239b1d944"}],"database_specific":{"source":"CPE_FIELD","cpe":"cpe:2.3:a:dronecode:px4_drone_autopilot:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"last_affected":"1.11.3"}]}}],"versions":["v1.11.3","v1.11.2","v1.11.1","v1.11.0","v1.11.0-rc3","v1.11.0-rc2","v1.11.0-rc1","v1.11.0-beta2","v1.11.0-beta1","v1.10.0-beta4","v1.10.0-beta3","v1.10.0-beta2","v1.10.0-beta1","v1.9.0-rc2","v1.9.0","v1.9.0-rc1","v1.9.0-rc0","v1.9.0-beta3","v1.9.0-beta2","v1.9.0-beta1","v1.9.0-alpha","v1.8.0","v1.8.0-rc0","v1.8.0-beta2","v1.8.0-beta1","v1.7.4beta","v1.7.3","v1.7.3beta","v1.7.2","v1.7.1","v1.7.0","v1.7.0-rc4","v1.7.0-rc3","v1.7.0-rc2","v1.7.0-rc1","v1.7.0-rc0","v1.6.5","v1.6.4","v1.6.2","v1.6.0-rc4","v1.6.0-rc3","v1.6.0-rc2","v1.6.0rc1","v1.5.2","v1.5.1","v1.5.1rc4","v1.5.1rc3","v1.5.1rc2","v1.5.0","v1.4.4rc1","v1.4.3","v1.4.2","v1.4.1","v1.4.1rc4","v1.4.1rc3","v1.4.1rc2","v1.4.1rc1","v1.4.0rc4","v1.4.0rc3","v1.4.0rc2","v1.4.0rc1","v1.3.2","v1.3.0rc3","v1.3.0rc2","v1.3.0rc1","v1.1.3","v1.1.2","v1.1.1","v1.1.0beta3","v1.1.0beta1","v1.0.0beta2","v1.0.0rc12","v1.0.0rc9","v1.0.0rc10","v1.0.0rc8","v1.0.0rc7","v1.0.0-rc3","v1.0.0-rc2","v1.0.0-rc1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-34125.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}