Filtered by vendor Dji
Subscriptions
Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-51456 | 1 Dji | 5 Matrice 300 Firmware, Matrice M30 Firmware, Mavic 3 Firmware and 2 more | 2024-11-21 | 6.8 Medium |
| A Improper Input Validation issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to trigger an out-of-bound read/write into the process memory through a crafted payload due to a missing input sanity check in the v2_pack_array_to_msg function implemented in the libv2_sdk.so library imported by the v2_sdk_service binary implementing the service, potentially leading to a memory information leak or an arbitrary code execution. Affected models are Mavic 3 Pro until v01.01.0300, Mavic 3 until v01.00.1200, Mavic 3 Classic until v01.00.0500, Mavic 3 Enterprise until v07.01.10.03, Matrice 300 until v57.00.01.00, Matrice M30 until v07.01.0022 and Mini 3 Pro until v01.00.0620. | ||||
| CVE-2022-46415 | 1 Dji | 2 Spark, Spark Firmware | 2024-11-21 | 9.1 Critical |
| DJI Spark 01.00.0900 allows remote attackers to prevent legitimate terminal connections by exhausting the DHCP IP address pool. To accomplish this, the attacker would first need to connect to the device's internal Wi-Fi network (e.g., by guessing the password). Then, the attacker would need to send many DHCP request packets. | ||||
| CVE-2022-29945 | 1 Dji | 22 Air 2, Air 2 Firmware, Air 2s and 19 more | 2024-11-21 | 4 Medium |
| DJI drone devices sold in 2017 through 2022 broadcast unencrypted information about the drone operator's physical location via the AeroScope protocol. | ||||
| CVE-2020-29664 | 1 Dji | 2 Mavic 2, Mavic 2 Firmware | 2024-11-21 | 7.8 High |
| A command injection issue in dji_sys in DJI Mavic 2 Remote Controller before firmware version 01.00.0510 allows for code execution via a malicious firmware upgrade packet. | ||||
| CVE-2007-1074 | 1 Dji | 1 Newsbin Pro | 2024-11-21 | N/A |
| Multiple buffer overflows in NewsBin Pro 5.33 and NewsBin Pro 4.x allow user-assisted remote attackers to execute arbitrary code via a long (1) DataPath or (2) DownloadPath attributed in a (a) NBI file, or (3) a long group field in a (b) NZB file. | ||||
Page 1 of 1.