CVE-2022-29945

DJI drone devices sold in 2017 through 2022 broadcast unencrypted information about the drone operator's physical location via the AeroScope protocol.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dji:mavic_3_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dji:mavic_3:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:dji:rc_pro_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dji:rc_pro:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:dji:air_2s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dji:air_2s:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:dji:air_2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dji:air_2:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:dji:mini_2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dji:mini_2:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:dji:mini_se_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dji:mini_se:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:dji:fpv_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dji:fpv:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:dji:fhantom_4_pro_firmware:-:*:*:*:*:*:*:*
OR cpe:2.3:h:dji:fhantom_4_pro:-:*:*:*:*:*:*:*
cpe:2.3:h:dji:fhantom_4_pro:2.0:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:dji:inspire_2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dji:inspire_2:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:dji:zenmuse_x7_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dji:zenmuse_x7:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:dji:zenmuse_x5s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dji:zenmuse_x5s:-:*:*:*:*:*:*:*

History

21 Nov 2024, 07:00

Type Values Removed Values Added
References () https://twitter.com/StarFire2258/status/1519767091829637120 - Third Party Advisory () https://twitter.com/StarFire2258/status/1519767091829637120 - Third Party Advisory
References () https://twitter.com/d0tslash/status/1519774807776284672 - Third Party Advisory () https://twitter.com/d0tslash/status/1519774807776284672 - Third Party Advisory
References () https://www.theverge.com/2022/4/28/23046916/dji-aeroscope-signals-not-encrypted-drone-tracking - Press/Media Coverage, Third Party Advisory () https://www.theverge.com/2022/4/28/23046916/dji-aeroscope-signals-not-encrypted-drone-tracking - Press/Media Coverage, Third Party Advisory
CVSS v2 : 5.0
v3 : 7.5
v2 : 5.0
v3 : 4.0

08 Aug 2023, 14:22

Type Values Removed Values Added
CWE CWE-311 CWE-319

13 May 2022, 16:14

Type Values Removed Values Added
CWE CWE-311
CVSS v2 : unknown
v3 : unknown
v2 : 5.0
v3 : 7.5
References (MISC) https://www.theverge.com/2022/4/28/23046916/dji-aeroscope-signals-not-encrypted-drone-tracking - (MISC) https://www.theverge.com/2022/4/28/23046916/dji-aeroscope-signals-not-encrypted-drone-tracking - Press/Media Coverage, Third Party Advisory
References (MISC) https://twitter.com/d0tslash/status/1519774807776284672 - (MISC) https://twitter.com/d0tslash/status/1519774807776284672 - Third Party Advisory
References (MISC) https://twitter.com/StarFire2258/status/1519767091829637120 - (MISC) https://twitter.com/StarFire2258/status/1519767091829637120 - Third Party Advisory
CPE cpe:2.3:h:dji:zenmuse_x5s:-:*:*:*:*:*:*:*
cpe:2.3:o:dji:mini_2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dji:fhantom_4_pro:-:*:*:*:*:*:*:*
cpe:2.3:o:dji:zenmuse_x7_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dji:mavic_3:-:*:*:*:*:*:*:*
cpe:2.3:o:dji:air_2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dji:air_2:-:*:*:*:*:*:*:*
cpe:2.3:o:dji:fpv_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dji:air_2s:-:*:*:*:*:*:*:*
cpe:2.3:o:dji:air_2s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dji:inspire_2:-:*:*:*:*:*:*:*
cpe:2.3:o:dji:inspire_2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dji:zenmuse_x7:-:*:*:*:*:*:*:*
cpe:2.3:o:dji:fhantom_4_pro_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dji:mini_2:-:*:*:*:*:*:*:*
cpe:2.3:h:dji:mini_se:-:*:*:*:*:*:*:*
cpe:2.3:o:dji:zenmuse_x5s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:dji:mini_se_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dji:fpv:-:*:*:*:*:*:*:*
cpe:2.3:h:dji:fhantom_4_pro:2.0:*:*:*:*:*:*:*
cpe:2.3:o:dji:rc_pro_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dji:rc_pro:-:*:*:*:*:*:*:*
cpe:2.3:o:dji:mavic_3_firmware:-:*:*:*:*:*:*:*

29 Apr 2022, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-04-29 20:15

Updated : 2024-11-21 07:00


NVD link : CVE-2022-29945

Mitre link : CVE-2022-29945

CVE.ORG link : CVE-2022-29945


JSON object : View

Products Affected

dji

  • rc_pro_firmware
  • fpv_firmware
  • mini_2_firmware
  • air_2s
  • fhantom_4_pro
  • air_2
  • zenmuse_x5s_firmware
  • zenmuse_x7
  • mavic_3_firmware
  • rc_pro
  • fpv
  • mini_se_firmware
  • mini_2
  • mini_se
  • inspire_2
  • zenmuse_x5s
  • zenmuse_x7_firmware
  • inspire_2_firmware
  • air_2s_firmware
  • mavic_3
  • air_2_firmware
  • fhantom_4_pro_firmware
CWE
CWE-319

Cleartext Transmission of Sensitive Information