7.5

CVE-2022-29945

Medienbericht
DJI drone devices sold in 2017 through 2022 broadcast unencrypted information about the drone operator's physical location via the AeroScope protocol.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DjiMavic 3 Firmware Version-
   DjiMavic 3 Version-
DjiRc Pro Firmware Version-
   DjiRc Pro Version-
DjiAir 2s Firmware Version-
   DjiAir 2s Version-
DjiAir 2 Firmware Version-
   DjiAir 2 Version-
DjiMini 2 Firmware Version-
   DjiMini 2 Version-
DjiMini Se Firmware Version-
   DjiMini Se Version-
DjiFpv Firmware Version-
   DjiFpv Version-
DjiFhantom 4 Pro Firmware Version-
   DjiFhantom 4 Pro Version-
   DjiFhantom 4 Pro Version2.0
DjiInspire 2 Firmware Version-
   DjiInspire 2 Version-
DjiZenmuse X7 Firmware Version-
   DjiZenmuse X7 Version-
DjiZenmuse X5s Firmware Version-
   DjiZenmuse X5s Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.22% 0.443
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
cve@mitre.org 4 2.2 1.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
CWE-319 Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.