DJI drone devices sold in 2017 through 2022 broadcast unencrypted information about the drone operator's physical location via the AeroScope protocol.
References
Link | Resource |
---|---|
https://twitter.com/StarFire2258/status/1519767091829637120 | Third Party Advisory |
https://twitter.com/d0tslash/status/1519774807776284672 | Third Party Advisory |
https://www.theverge.com/2022/4/28/23046916/dji-aeroscope-signals-not-encrypted-drone-tracking | Press/Media Coverage Third Party Advisory |
https://twitter.com/StarFire2258/status/1519767091829637120 | Third Party Advisory |
https://twitter.com/d0tslash/status/1519774807776284672 | Third Party Advisory |
https://www.theverge.com/2022/4/28/23046916/dji-aeroscope-signals-not-encrypted-drone-tracking | Press/Media Coverage Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
Configuration 11 (hide)
AND |
|
History
21 Nov 2024, 07:00
Type | Values Removed | Values Added |
---|---|---|
References | () https://twitter.com/StarFire2258/status/1519767091829637120 - Third Party Advisory | |
References | () https://twitter.com/d0tslash/status/1519774807776284672 - Third Party Advisory | |
References | () https://www.theverge.com/2022/4/28/23046916/dji-aeroscope-signals-not-encrypted-drone-tracking - Press/Media Coverage, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 4.0 |
08 Aug 2023, 14:22
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-319 |
13 May 2022, 16:14
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-311 | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
References | (MISC) https://www.theverge.com/2022/4/28/23046916/dji-aeroscope-signals-not-encrypted-drone-tracking - Press/Media Coverage, Third Party Advisory | |
References | (MISC) https://twitter.com/d0tslash/status/1519774807776284672 - Third Party Advisory | |
References | (MISC) https://twitter.com/StarFire2258/status/1519767091829637120 - Third Party Advisory | |
CPE | cpe:2.3:h:dji:zenmuse_x5s:-:*:*:*:*:*:*:* cpe:2.3:o:dji:mini_2_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:dji:fhantom_4_pro:-:*:*:*:*:*:*:* cpe:2.3:o:dji:zenmuse_x7_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:dji:mavic_3:-:*:*:*:*:*:*:* cpe:2.3:o:dji:air_2_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:dji:air_2:-:*:*:*:*:*:*:* cpe:2.3:o:dji:fpv_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:dji:air_2s:-:*:*:*:*:*:*:* cpe:2.3:o:dji:air_2s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:dji:inspire_2:-:*:*:*:*:*:*:* cpe:2.3:o:dji:inspire_2_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:dji:zenmuse_x7:-:*:*:*:*:*:*:* cpe:2.3:o:dji:fhantom_4_pro_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:dji:mini_2:-:*:*:*:*:*:*:* cpe:2.3:h:dji:mini_se:-:*:*:*:*:*:*:* cpe:2.3:o:dji:zenmuse_x5s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:dji:mini_se_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:dji:fpv:-:*:*:*:*:*:*:* cpe:2.3:h:dji:fhantom_4_pro:2.0:*:*:*:*:*:*:* cpe:2.3:o:dji:rc_pro_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:dji:rc_pro:-:*:*:*:*:*:*:* cpe:2.3:o:dji:mavic_3_firmware:-:*:*:*:*:*:*:* |
29 Apr 2022, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-04-29 20:15
Updated : 2024-11-21 07:00
NVD link : CVE-2022-29945
Mitre link : CVE-2022-29945
CVE.ORG link : CVE-2022-29945
JSON object : View
Products Affected
dji
- rc_pro_firmware
- fpv_firmware
- mini_2_firmware
- air_2s
- fhantom_4_pro
- air_2
- zenmuse_x5s_firmware
- zenmuse_x7
- mavic_3_firmware
- rc_pro
- fpv
- mini_se_firmware
- mini_2
- mini_se
- inspire_2
- zenmuse_x5s
- zenmuse_x7_firmware
- inspire_2_firmware
- air_2s_firmware
- mavic_3
- air_2_firmware
- fhantom_4_pro_firmware
CWE
CWE-319
Cleartext Transmission of Sensitive Information