PT-2022-19927 · Dji · Dji Drone Devices
Kevin Finisterre
·
Published
2022-04-29
·
Updated
2023-08-08
·
CVE-2022-29945
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
DJI drone devices sold in 2017 through 2022
Description
The issue concerns DJI drone devices broadcasting unencrypted information about the drone operator's physical location via the AeroScope protocol.
Recommendations
For DJI drone devices sold in 2017 through 2022, consider disabling the AeroScope protocol until a patch or fix is available to prevent the broadcast of unencrypted location information.
Fix
Cleartext Transmission of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Dji Drone Devices