mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-06-19 17:31:42 +00:00
427 lines
12 KiB
JSON
427 lines
12 KiB
JSON
{
|
|
"id": "CVE-2022-29945",
|
|
"sourceIdentifier": "cve@mitre.org",
|
|
"published": "2022-04-29T20:15:07.650",
|
|
"lastModified": "2023-08-08T14:22:24.967",
|
|
"vulnStatus": "Analyzed",
|
|
"evaluatorComment": "The vulnerable configuration displayed has \"-\" in the version component of each match string. This is because the precise mapping of the year that the relevant products were sold to a known numerical version is unknown at this time.",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "DJI drone devices sold in 2017 through 2022 broadcast unencrypted information about the drone operator's physical location via the AeroScope protocol."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Los dispositivos de drones de DJI vendidos en 2017 hasta 2022, transmiten informaci\u00f3n no cifrada sobre la ubicaci\u00f3n f\u00edsica del operador del dron por medio del protocolo AeroScope"
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 7.5,
|
|
"baseSeverity": "HIGH"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 3.6
|
|
},
|
|
{
|
|
"source": "cve@mitre.org",
|
|
"type": "Secondary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "HIGH",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "CHANGED",
|
|
"confidentialityImpact": "LOW",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 4.0,
|
|
"baseSeverity": "MEDIUM"
|
|
},
|
|
"exploitabilityScore": 2.2,
|
|
"impactScore": 1.4
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "LOW",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "PARTIAL",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 5.0
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 10.0,
|
|
"impactScore": 2.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-319"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:dji:mavic_3_firmware:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F72CFF01-D956-42EA-8E73-B401F564A637"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:dji:mavic_3:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "12C177C0-5DAF-4DDD-9086-F897E4718065"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:dji:rc_pro_firmware:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "EF40231D-2AC7-4766-995D-123541A66953"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:dji:rc_pro:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "65AA1F71-E2CF-4929-99B1-18BEA993AF73"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:dji:air_2s_firmware:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "204CDCDE-79A2-4D03-B048-A3582E329DBE"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:dji:air_2s:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "4C9AD300-B8B8-4D66-A22D-A4ECB5414C22"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:dji:air_2_firmware:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B6A8B649-7AA3-4446-A653-5D2F5464FB53"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:dji:air_2:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "86A650F2-EE7E-4321-B824-1F81E7F04295"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:dji:mini_2_firmware:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C58D4A83-E95E-4B9C-8E25-C3E050FD4515"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:dji:mini_2:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "982A5DF8-95FE-4E9B-B453-EFA52AADE3F1"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:dji:mini_se_firmware:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "BADA9736-0A8F-4AB1-AFC5-1F5F413B9A98"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:dji:mini_se:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "CEDA2491-54F4-4C4A-9142-DAB08E35F734"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:dji:fpv_firmware:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E5097FD3-42AD-49BA-8528-BA09EFA1EBEF"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:dji:fpv:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "BA61F9C0-C7F6-4993-90DE-15705F9BBEC0"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:dji:fhantom_4_pro_firmware:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "FF0453A7-1767-4960-A013-273F03758190"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:dji:fhantom_4_pro:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "29B091E9-EAAB-47D9-B3CD-F5A2C8F22F46"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:dji:fhantom_4_pro:2.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F2EB2854-9D2F-48BE-A09F-A50B4196BC06"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:dji:inspire_2_firmware:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "01E8C853-D127-4309-AA4B-5F70A852C316"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:dji:inspire_2:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "014319A4-7A4C-469F-A051-91654791DC4A"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:dji:zenmuse_x7_firmware:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2C6C3644-8D4F-46C9-8861-BBEA93E1CE94"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:dji:zenmuse_x7:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "085550EE-A1D7-4A22-B93D-650599C5E1F1"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:dji:zenmuse_x5s_firmware:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C1F49EC8-1B44-4C67-8F9E-17EDEB78B430"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:dji:zenmuse_x5s:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "9838F666-2E2A-4C83-928D-20F4312C3FBB"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://twitter.com/StarFire2258/status/1519767091829637120",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://twitter.com/d0tslash/status/1519774807776284672",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://www.theverge.com/2022/4/28/23046916/dji-aeroscope-signals-not-encrypted-drone-tracking",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Press/Media Coverage",
|
|
"Third Party Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |