CVE-2022-29945 Information

Description

DJI drone devices sold in 2017 through 2022 broadcast unencrypted information about the drone operator’s physical location via the AeroScope protocol.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

https://twitter.com/d0tslash/status/1519774807776284672 https://www.theverge.com/2022/4/28/23046916/dji-aeroscope-signals-not-encrypted-drone-tracking https://twitter.com/StarFire2258/status/1519767091829637120

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

7.5