Unencrypted Location Data Vulnerability in DJI Drone Devices
CVE-2022-29945

4MEDIUM

Key Information:

Vendor

Dji

Status
Mavic 3 Firmware
Vendor
CVE Published:
29 April 2022

What is CVE-2022-29945?

DJI drone devices manufactured and sold between 2017 and 2022 are susceptible to a vulnerability that allows the unencrypted transmission of the operator's physical location through the AeroScope protocol. This flaw could potentially expose sensitive location data to unauthorized parties, posing privacy risks for drone operators. It is crucial for users to be aware of this vulnerability and consider protective measures.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.theverge.com/2022/4/28/23046916/dji-aeroscope...
x_refsource_MISC
https://twitter.com/d0tslash/status/1519774807776284672
x_refsource_MISC
https://twitter.com/StarFire2258/status/1519767091829637120
x_refsource_MISC

CVSS V3.1

Score:
4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.