MidnightBSD

Advisories for dji

CVE-2020-29664 HIGH

A command injection issue in dji_sys in DJI Mavic 2 Remote Controller before firmware version 01.00.0510 allows for code execution via a malicious firmware upgrade packet.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
dji mavic_2_firmware *
CVE-2022-29945 MEDIUM

DJI drone devices sold in 2017 through 2022 broadcast unencrypted information about the drone operator's physical location via the AeroScope protocol.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 4.0 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N 2.2 1.4
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-319,

Products Affected

Vendor Product Version
dji zenmuse_x7_firmware -
dji air_2_firmware -
dji fpv_firmware -
dji mavic_3_firmware -
dji fhantom_4_pro_firmware -
dji inspire_2_firmware -
dji air_2s_firmware -
dji rc_pro_firmware -
dji zenmuse_x5s_firmware -
dji mini_2_firmware -
dji mini_se_firmware -
CVE-2022-46415

DJI Spark 01.00.0900 allows remote attackers to prevent legitimate terminal connections by exhausting the DHCP IP address pool. To accomplish this, the attacker would first need to connect to the device's internal Wi-Fi network (e.g., by guessing the password). Then, the attacker would need to send many DHCP request packets.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H 3.1 5.3
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

Products Affected

Vendor Product Version
dji spark_firmware 01.00.0900
CVE-2026-26673

An issue in DJI Mavic Mini, Spark, Mavic Air, Mini, Mini SE 0.1.00.0500 and below allows a remote attacker to cause a denial of service via the DJI Enhanced-WiFi transmission subsystem

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
dji spark_firmware *
dji mini_se_firmware *
dji mavic_mini_firmware *