CVE-2022-29945

MEDIUM

DJI Drone Firmware - Unencrypted Location Data Transmission via AeroScope Protocol

Title source: llm

Description

DJI drone devices sold in 2017 through 2022 broadcast unencrypted information about the drone operator's physical location via the AeroScope protocol.

References (3)

Core 3

Core References

Press/Media Coverage, Third Party Advisory x_refsource_misc

https://www.theverge.com/2022/4/28/23046916/dji-aeroscope-signals-not-encrypted-drone-tracking

Third Party Advisory x_refsource_misc

https://twitter.com/d0tslash/status/1519774807776284672

Third Party Advisory x_refsource_misc

https://twitter.com/StarFire2258/status/1519767091829637120

Scores

CVSS v3 4.0

EPSS 0.0065

EPSS Percentile 45.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N

Details

CWE

CWE-319

Status published

Products (11)

dji/air_2_firmware

dji/air_2s_firmware

dji/fhantom_4_pro_firmware

dji/fpv_firmware

dji/inspire_2_firmware

dji/mavic_3_firmware

dji/mini_2_firmware

dji/mini_se_firmware

dji/rc_pro_firmware

dji/zenmuse_x5s_firmware

... and 1 more

Published Apr 29, 2022

Tracked Since Feb 18, 2026