FKIE_CVE-2022-29945
Vulnerability from fkie_nvd - Published: 2022-04-29 20:15 - Updated: 2024-11-21 07:00
Severity
4.0 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
DJI drone devices sold in 2017 through 2022 broadcast unencrypted information about the drone operator's physical location via the AeroScope protocol.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://twitter.com/StarFire2258/status/1519767091829637120 | Third Party Advisory | |
| cve@mitre.org | https://twitter.com/d0tslash/status/1519774807776284672 | Third Party Advisory | |
| cve@mitre.org | https://www.theverge.com/2022/4/28/23046916/dji-aeroscope-signals-not-encrypted-drone-tracking | Press/Media Coverage, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://twitter.com/StarFire2258/status/1519767091829637120 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://twitter.com/d0tslash/status/1519774807776284672 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.theverge.com/2022/4/28/23046916/dji-aeroscope-signals-not-encrypted-drone-tracking | Press/Media Coverage, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dji | mavic_3_firmware | - | |
| dji | mavic_3 | - | |
| dji | rc_pro_firmware | - | |
| dji | rc_pro | - | |
| dji | air_2s_firmware | - | |
| dji | air_2s | - | |
| dji | air_2_firmware | - | |
| dji | air_2 | - | |
| dji | mini_2_firmware | - | |
| dji | mini_2 | - | |
| dji | mini_se_firmware | - | |
| dji | mini_se | - | |
| dji | fpv_firmware | - | |
| dji | fpv | - | |
| dji | fhantom_4_pro_firmware | - | |
| dji | fhantom_4_pro | - | |
| dji | fhantom_4_pro | 2.0 | |
| dji | inspire_2_firmware | - | |
| dji | inspire_2 | - | |
| dji | zenmuse_x7_firmware | - | |
| dji | zenmuse_x7 | - | |
| dji | zenmuse_x5s_firmware | - | |
| dji | zenmuse_x5s | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dji:mavic_3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F72CFF01-D956-42EA-8E73-B401F564A637",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dji:mavic_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12C177C0-5DAF-4DDD-9086-F897E4718065",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dji:rc_pro_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF40231D-2AC7-4766-995D-123541A66953",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dji:rc_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "65AA1F71-E2CF-4929-99B1-18BEA993AF73",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dji:air_2s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "204CDCDE-79A2-4D03-B048-A3582E329DBE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dji:air_2s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C9AD300-B8B8-4D66-A22D-A4ECB5414C22",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dji:air_2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B6A8B649-7AA3-4446-A653-5D2F5464FB53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dji:air_2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "86A650F2-EE7E-4321-B824-1F81E7F04295",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dji:mini_2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C58D4A83-E95E-4B9C-8E25-C3E050FD4515",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dji:mini_2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "982A5DF8-95FE-4E9B-B453-EFA52AADE3F1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dji:mini_se_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BADA9736-0A8F-4AB1-AFC5-1F5F413B9A98",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dji:mini_se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CEDA2491-54F4-4C4A-9142-DAB08E35F734",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dji:fpv_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E5097FD3-42AD-49BA-8528-BA09EFA1EBEF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dji:fpv:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA61F9C0-C7F6-4993-90DE-15705F9BBEC0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dji:fhantom_4_pro_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF0453A7-1767-4960-A013-273F03758190",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dji:fhantom_4_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29B091E9-EAAB-47D9-B3CD-F5A2C8F22F46",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dji:fhantom_4_pro:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F2EB2854-9D2F-48BE-A09F-A50B4196BC06",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dji:inspire_2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "01E8C853-D127-4309-AA4B-5F70A852C316",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dji:inspire_2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "014319A4-7A4C-469F-A051-91654791DC4A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dji:zenmuse_x7_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C6C3644-8D4F-46C9-8861-BBEA93E1CE94",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dji:zenmuse_x7:-:*:*:*:*:*:*:*",
"matchCriteriaId": "085550EE-A1D7-4A22-B93D-650599C5E1F1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dji:zenmuse_x5s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1F49EC8-1B44-4C67-8F9E-17EDEB78B430",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dji:zenmuse_x5s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9838F666-2E2A-4C83-928D-20F4312C3FBB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "DJI drone devices sold in 2017 through 2022 broadcast unencrypted information about the drone operator\u0027s physical location via the AeroScope protocol."
},
{
"lang": "es",
"value": "Los dispositivos de drones de DJI vendidos en 2017 hasta 2022, transmiten informaci\u00f3n no cifrada sobre la ubicaci\u00f3n f\u00edsica del operador del dron por medio del protocolo AeroScope"
}
],
"evaluatorComment": "The vulnerable configuration displayed has \"-\" in the version component of each match string. This is because the precise mapping of the year that the relevant products were sold to a known numerical version is unknown at this time.",
"id": "CVE-2022-29945",
"lastModified": "2024-11-21T07:00:01.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-29T20:15:07.650",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/StarFire2258/status/1519767091829637120"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/d0tslash/status/1519774807776284672"
},
{
"source": "cve@mitre.org",
"tags": [
"Press/Media Coverage",
"Third Party Advisory"
],
"url": "https://www.theverge.com/2022/4/28/23046916/dji-aeroscope-signals-not-encrypted-drone-tracking"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/StarFire2258/status/1519767091829637120"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/d0tslash/status/1519774807776284672"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Press/Media Coverage",
"Third Party Advisory"
],
"url": "https://www.theverge.com/2022/4/28/23046916/dji-aeroscope-signals-not-encrypted-drone-tracking"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-319"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…