CVSS: 7.5EPSS: 0%CPEs: 23EXPL: 0CVE-2022-29945
https://notcve.org/view.php?id=CVE-2022-29945
DJI drone devices sold in 2017 through 2022 broadcast unencrypted information about the drone operator's physical location via the AeroScope protocol. Los dispositivos de drones de DJI vendidos en 2017 hasta 2022, transmiten información no cifrada sobre la ubicación física del operador del dron por medio del protocolo AeroScope • https://twitter.com/StarFire2258/status/1519767091829637120 https://twitter.com/d0tslash/status/1519774807776284672 https://www.theverge.com/2022/4/28/23046916/dji-aeroscope-signals-not-encrypted-drone-tracking • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2020-29664
https://notcve.org/view.php?id=CVE-2020-29664
A command injection issue in dji_sys in DJI Mavic 2 Remote Controller before firmware version 01.00.0510 allows for code execution via a malicious firmware upgrade packet. Un problema de inyección de comando en DJI Mavic 2 Remote Controller versiones de firmware anteriores a 01.00.0510, permite una ejecución de código por medio de un paquete de actualización de firmware malicioso • http://hacktheplanet.nu/djihax.pdf http://kth.diva-portal.org/smash/get/diva2:1463784/FULLTEXT01.pdf https://gist.github.com/viktoredstrom/2f0463ebe7cd786904f229e11386e817 https://www.dji.com/mavic-2 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •