Vulnerabilities > DJI

DATE CVE VULNERABILITY TITLE RISK
2022-04-29 CVE-2022-29945 Cleartext Transmission of Sensitive Information vulnerability in DJI products
DJI drone devices sold in 2017 through 2022 broadcast unencrypted information about the drone operator's physical location via the AeroScope protocol.
network
low complexity
dji CWE-319
7.5
2021-02-18 CVE-2020-29664 Command Injection vulnerability in DJI Mavic 2 Firmware
A command injection issue in dji_sys in DJI Mavic 2 Remote Controller before firmware version 01.00.0510 allows for code execution via a malicious firmware upgrade packet.
local
low complexity
dji CWE-77
7.2
2007-02-22 CVE-2007-1074 Remote Buffer Overflow vulnerability in NewsBin Pro NBI File
Multiple buffer overflows in NewsBin Pro 5.33 and NewsBin Pro 4.x allow user-assisted remote attackers to execute arbitrary code via a long (1) DataPath or (2) DownloadPath attributed in a (a) NBI file, or (3) a long group field in a (b) NZB file.
network
dji
critical
9.3