CVE-2022-29945

Published: Apr 29, 2022Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

DJI drone devices sold in 2017 through 2022 broadcast unencrypted information about the drone operator's physical location via the AeroScope protocol.

Affected (11)

Products: Dji: Mavic 3 Firmware, Rc Pro Firmware, Air 2s Firmware, Air 2 Firmware, Mini 2 Firmware, Mini Se Firmware, Fpv Firmware, Fhantom 4 Pro Firmware, Inspire 2 Firmware, Zenmuse X7 Firmware, Zenmuse X5s Firmware

11 products

Fhantom 4 Pro Firmware

Inspire 2 Firmware

Zenmuse X7 Firmware

Zenmuse X5s Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dji Mavic 3 Firmware	All versions

Running on/with	Platform Versions
Dji Mavic 3	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dji Rc Pro Firmware	All versions

Running on/with	Platform Versions
Dji Rc Pro	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dji Air 2s Firmware	All versions

Running on/with	Platform Versions
Dji Air 2s	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dji Air 2 Firmware	All versions

Running on/with	Platform Versions
Dji Air 2	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dji Mini 2 Firmware	All versions

Running on/with	Platform Versions
Dji Mini 2	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dji Mini Se Firmware	All versions

Running on/with	Platform Versions
Dji Mini Se	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dji Fpv Firmware	All versions

Running on/with	Platform Versions
Dji Fpv	All versions

Configuration H

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Dji Fhantom 4 Pro Firmware	All versions

Running on/with	Platform Versions
Dji Fhantom 4 Pro	All versions
Dji Fhantom 4 Pro	Version 2.0

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dji Inspire 2 Firmware	All versions

Running on/with	Platform Versions
Dji Inspire 2	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dji Zenmuse X7 Firmware	All versions

Running on/with	Platform Versions
Dji Zenmuse X7	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dji Zenmuse X5s Firmware	All versions

Running on/with	Platform Versions
Dji Zenmuse X5s	All versions

Related CWEs

CWE-319

Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References (6)

https://twitter.com/StarFire2258/status/1519767091829637120

Source: cve@mitre.org

Third Party Advisory

https://twitter.com/d0tslash/status/1519774807776284672

Source: cve@mitre.org

Third Party Advisory

https://www.theverge.com/2022/4/28/23046916/dji-aeroscope-signals-not-encrypted-drone-tracking

Source: cve@mitre.org

Press/Media CoverageThird Party Advisory

https://twitter.com/StarFire2258/status/1519767091829637120

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://twitter.com/d0tslash/status/1519774807776284672

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.theverge.com/2022/4/28/23046916/dji-aeroscope-signals-not-encrypted-drone-tracking

Source: af854a3a-2127-422b-91ae-364da2661108

Press/Media CoverageThird Party Advisory

Timeline

No history available yet.