VYPR
Vendor: DJI

Products: 18
CVEs: 16
Across products: 50
Status: Private

Recent CVEs (16)
  • CVE-2022-46415 | Critical | Mar 27, 2023
    risk 0.59 | cvss 9.1 | epss 0.01

    DJI Spark 01.00.0900 allows remote attackers to prevent legitimate terminal connections by exhausting the DHCP IP address pool. To accomplish this, the attacker would first need to connect to the device's internal Wi-Fi network (e.g., by guessing the password). Then, the…

  • CVE-2020-29664 | High | Feb 18, 2021
    risk 0.51 | cvss 7.8 | epss 0.01

    A command injection issue in dji_sys in DJI Mavic 2 Remote Controller before firmware version 01.00.0510 allows for code execution via a malicious firmware upgrade packet.

  • CVE-2023-51456 | Medium | Apr 2, 2024
    risk 0.44 | cvss 6.8 | epss 0.00

    An Improper Input Validation issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to trigger an out-of-bound read/write into the process memory through a crafted payload due to a missing input sanity check in the…

  • CVE-2023-51455 | Medium | Apr 2, 2024
    risk 0.44 | cvss 6.8 | epss 0.00

    An Improper Validation of Array Index issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to corrupt a controlled memory location due to a missing input validation in the on_receive_session_packet_ack function…

  • CVE-2023-51454 | Medium | Apr 2, 2024
    risk 0.44 | cvss 6.8 | epss 0.00

    An Out-of-bounds Write issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to overwrite a pointer in the process memory through a crafted payload triggering an unsafe memory write operation in the my_tcp_receive…

  • CVE-2023-6951 | Medium | Apr 2, 2024
    risk 0.43 | cvss 6.6 | epss 0.00

    A Use of Weak Credentials vulnerability affecting the Wi-Fi network generated by a set of DJI drones could allow a remote attacker to derive the WPA2 PSK key and authenticate without permission to the drone’s Wi-Fi network. This, in turn, allows the attacker to perform…

  • CVE-2023-6949 | Medium | Apr 2, 2024
    risk 0.34 | cvss 5.2 | epss 0.00

    A Missing Authentication for Critical Function issue affecting the HTTP service running on the DJI Mavic Mini 3 Pro on the standard port 80 could allow an attacker to enumerate and download videos and pictures saved on the drone internal or external memory without requiring any…

  • CVE-2025-10250 | Medium | Sep 11, 2025
    risk 0.33 | cvss 5.0 | epss 0.00

    A weakness has been identified in DJI Mavic Spark, Mavic Air and Mavic Mini 01.00.0500. Affected is an unknown function of the component Telemetry Channel. Executing manipulation can lead to use of hard-coded cryptographic key. The attacker needs to be present on the local…

  • CVE-2022-29945 | Medium | Apr 29, 2022
    risk 0.26 | cvss 4.0 | epss 0.01

    DJI drone devices sold in 2017 through 2022 broadcast unencrypted information about the drone operator's physical location via the AeroScope protocol.

  • CVE-2026-1743 | Low | Feb 2, 2026
    risk 0.20 | cvss 3.1 | epss 0.00

    A vulnerability has been found in DJI Mavic Mini, Air, Spark and Mini SE up to 01.00.0500. Affected by this vulnerability is an unknown functionality of the component Enhanced Wi-Fi Pairing. The manipulation leads to authentication bypass by capture-replay. The attack must be…

  • CVE-2023-6950 | Low | Apr 2, 2024
    risk 0.20 | cvss 3.0 | epss 0.00

    An Improper Input Validation vulnerability affecting the FTP service running on the DJI Mavic Mini 3 Pro could allow an attacker to craft a malicious packet containing a malformed path provided to the FTP SIZE command that leads to a denial-of-service attack of the FTP service…

  • CVE-2023-6948 | Low | Apr 2, 2024
    risk 0.20 | cvss 3.0 | epss 0.00

    A Buffer Copy without Checking Size of Input issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to cause a crash of the service through a crafted payload triggering a missing input size check in the sdk_printf…

  • CVE-2023-51453 | Low | Apr 2, 2024
    risk 0.20 | cvss 3.0 | epss 0.00

    An Improper Input Validation issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to cause a crash of the service through a crafted payload triggering a missing input size check in the process_push_file function…

  • CVE-2023-51452 | Low | Apr 2, 2024
    risk 0.20 | cvss 3.0 | epss 0.00

    An Improper Input Validation issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to cause a crash of the service through a crafted payload triggering a missing input size check in the pull_file_v2_proc function…

  • CVE-2007-1074 | Feb 22, 2007
    risk 0.04 | cvss n/a | epss 0.07

    Multiple buffer overflows in NewsBin Pro 5.33 and NewsBin Pro 4.x allow user-assisted remote attackers to execute arbitrary code via a long (1) DataPath or (2) DownloadPath attribute in a (a) NBI file, or (3) a long group field in a (b) NZB file.

  • CVE-2026-26673 | Mar 4, 2026
    risk 0.00 | cvss n/a | epss 0.00

    An issue in DJI Mavic Mini, Spark, Mavic Air, Mini, Mini SE 0.1.00.0500 and below allows a remote attacker to cause a denial of service via the DJI Enhanced-WiFi transmission subsystem.