28 matches found
CVE-2026-26673
An issue in DJI Mavic Mini, Spark, Mavic Air, Mini, Mini SE 0.1.00.0500 and below allows a remote attacker to cause a denial of service via the DJI Enhanced-WiFi transmission subsystem...
CVE-2026-26673
An issue in DJI Mavic Mini, Spark, Mavic Air, Mini, Mini SE 0.1.00.0500 and below allows a remote attacker to cause a denial of service via the DJI Enhanced-WiFi transmission subsystem...
EUVD-2023-59147
Malicious code in bioql PyPI...
EUVD-2023-56169
Malicious code in bioql PyPI...
EUVD-2023-56166
Malicious code in bioql PyPI...
EUVD-2023-56165
Malicious code in bioql PyPI...
EUVD-2022-34254
Malicious code in bioql PyPI...
EUVD-2023-59144
Malicious code in bioql PyPI...
EUVD-2023-56167
Malicious code in bioql PyPI...
EUVD-2023-56168
Malicious code in bioql PyPI...
CVE-2025-10250
A weakness has been identified in DJI Mavic Spark, Mavic Air and Mavic Mini 01.00.0500. Affected is an unknown function of the component Telemetry Channel. Executing manipulation can lead to use of hard-coded cryptographic key . The attacker needs to be present on the local network. A high...
CVE-2025-10250
A weakness has been identified in DJI Mavic Spark, Mavic Air and Mavic Mini 01.00.0500. Affected is an unknown function of the component Telemetry Channel. Executing manipulation can lead to use of hard-coded cryptographic key . The attacker needs to be present on the local network. A high...
CVE-2023-51456
A Improper Input Validation issue affecting the v2sdkservice running on a set of DJI drone devices on the port 10000 could allow an attacker to trigger an out-of-bound read/write into the process memory through a crafted payload due to a missing input sanity check in the v2packarraytomsg function...
CVE-2023-6951
A Use of Weak Credentials vulnerability affecting the Wi-Fi network generated by a set of DJI drones could allow a remote attacker to derive the WPA2 PSK key and authenticate without permission to the drone’s Wi- Fi network. This, in turn, allows the attacker to perform unauthorized interaction...
CVE-2022-29945
DJI drone devices sold in 2017 through 2022 broadcast unencrypted information about the drone operator's physical location via the AeroScope protocol...
The vulnerability of the v2_pack_array_to_msg function in the libv2_sdk.so library of the DJI Mavic 3 Pro, DJI Mavic 3, DJI Mavic 3 Classic, DJI Mavic 3 Enterprise, DJI Matrice 300, DJI Matrice M30, DJI Mavic Mini 3 Pro quadricopters allows a intruder to disclose protected information or execute arbitrary code.
The vulnerability of the v2packarraytomsg function in the libv2sdk.so library of the DJI Mavic 3 Pro, DJI Mavic 3, DJI Mavic 3 Classic, DJI Mavic 3 Enterprise, DJI Matrice 300, DJI Matrice M30, and DJI Mavic Mini 3 Pro quadricopters is related to insufficient validation of input data. Exploiting...
The vulnerability of micro-programmed quadrocopters’ software, such as DJI Mavic 3 Pro, DJI Mavic 3, DJI Mavic 3 Classic, DJI Mavic 3 Enterprise, DJI Matrice 300, DJI Matrice M30, DJI Mavic Mini 3 Pro, is related to the use of weak credentials. This allows a intruder to gain access to the device.
The vulnerability of microprogrammed software in DJI’s Mavic 3 Pro, Mavic 3, Mavic 3 Classic, Mavic 3 Enterprise, Matrice 300, Matrice M30, and Mavic Mini 3 Pro drones is related to the use of weak authentication credentials. Exploiting this vulnerability can allow a remote attacker to gain acces...
CVE-2023-6951
A Use of Weak Credentials vulnerability affecting the Wi-Fi network generated by a set of DJI drones could allow a remote attacker to derive the WPA2 PSK key and authenticate without permission to the drone’s Wi- Fi network. This, in turn, allows the attacker to perform unauthorized interaction...
CVE-2023-51452
A Improper Input Validation issue affecting the v2sdkservice running on a set of DJI drone devices on the port 10000 could allow an attacker to cause a crash of the service through a crafted payload triggering a missing input size check in the pullfilev2proc function implemented in the libv2sdk.s...
CVE-2023-51452
The CVE-2023-51452 issue is an Improper Input Validation in DJI’s v2_sdk_service (listening on port 10000) that can crash the service via a crafted payload due to a missing input size check in the pull_file_v2_proc function within libv2_sdk.so used by dji_vtwo_sdk. Affected DJI devices and firmwa...