dji 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには バッファオーバーフロー、vendor risk denial of service, and vendor risk command injection があり、vendor surface software deployment and vendor surface production workloads の利用場面で アプリケーションクラッシュ などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2026-26673 | An issue in DJI Mavic Mini, Spark, Mavic Air, Mini, Mini SE 0.1.00.0500 and below allows a remote attacker to cause a denial of service via the DJI Enhanced-WiFi transmission subsystem | [email protected] | 7.5 | 0.15% | 2026-03-04 | 2026-03-05 |
| CVE-2022-46415 | DJI Spark 01.00.0900 allows remote attackers to prevent legitimate terminal connections by exhausting the DHCP IP address pool. To accomplish this, the attacker would first need to connect to the device's internal Wi-Fi network (e.g., by guessing the password). Then, the attacker would need to send many DHCP request packets. | [email protected] | 9.1 | 0.69% | 2023-03-27 | 2025-02-19 |
| CVE-2022-29945 | DJI drone devices sold in 2017 through 2022 broadcast unencrypted information about the drone operator's physical location via the AeroScope protocol. | [email protected] | 4.0 | 0.20% | 2022-04-29 | 2024-11-21 |
| CVE-2020-29664 | A command injection issue in dji_sys in DJI Mavic 2 Remote Controller before firmware version 01.00.0510 allows for code execution via a malicious firmware upgrade packet. | [email protected] | 7.8 | 0.46% | 2021-02-18 | 2024-11-21 |
| CVE-2007-1074 | Multiple buffer overflows in NewsBin Pro 5.33 and NewsBin Pro 4.x allow user-assisted remote attackers to execute arbitrary code via a long (1) DataPath or (2) DownloadPath attributed in a (a) NBI file, or (3) a long group field in a (b) NZB file. | [email protected] | 9.3 | 25.12% | 2007-02-22 | 2026-04-23 |