Known exploits that can be pushed via DUML upgrade process.
TarAndFeather.rb - exploits system() and popen() of "rm" command on unsanatized file names.
Initial manifestation found by jan2642, dji_sys shown to execute system("rm %s") and system("rm -rf %s") depending on AC and firmware version
Secondary manifestation found by hostile, dji_sys shown to execute popen() on file names passed to the dji_verify command.