dji

Top products

The 15 most recently published vulnerabilities affecting dji.

• CVE-2026-26673An issue in DJI Mavic Mini, Spark, Mavic Air, Mini, Mini SE 0.1.00.0500 and below allows a remote attacker to cause a denial of service via the DJI Enhanced-WiFi transmission subsystem7.5Mar 4, 2026
• CVE-2026-1743DJI Mavic Mini/Air/Spark/Mini SE Enhanced Wi-Fi Pairing authentication replay3.1Feb 2, 2026
• CVE-2025-10250DJI Mavic Spark/Mavic Air/Mavic Mini Telemetry Channel hard-coded key5.0Sep 11, 2025
• CVE-2023-51456A Improper Input Validation issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to trigger an out-of-bound read/write into the process...6.8Apr 2, 2024
• CVE-2023-51455A Improper Validation of Array Index issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to corrupt a controlled memory location due t...6.8Apr 2, 2024
• CVE-2023-51454A Out-of-bounds Write issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to overwrite a pointer in the process memory through a craft...6.8Apr 2, 2024
• CVE-2023-51453A Improper Input Validation issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to cause a crash of the service through a crafted payl...3.0Apr 2, 2024
• CVE-2023-51452A Improper Input Validation issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to cause a crash of the service through a crafted payl...3.0Apr 2, 2024
• CVE-2023-6951A Use of Weak Credentials vulnerability affecting the Wi-Fi network generated by a set of DJI drones could allow a remote attacker to derive the WPA2 PSK key and authenticate without permission to ...6.6Apr 2, 2024
• CVE-2023-6950An Improper Input Validation vulnerability affecting the FTP service running on the DJI Mavic Mini 3 Pro could allow an attacker to craft a malicious packet containing a malformed path provided to ...3.0Apr 2, 2024
• CVE-2023-6949A Missing Authentication for Critical Function issue affecting the HTTP service running on the DJI Mavic Mini 3 Pro on the standard port 80 could allow an attacker to enumerate and download videos ...5.2Apr 2, 2024
• CVE-2023-6948A Buffer Copy without Checking Size of Input issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to cause a crash of the service throu...3.0Apr 2, 2024
• CVE-2022-46415DJI Spark 01.00.0900 allows remote attackers to prevent legitimate terminal connections by exhausting the DHCP IP address pool. To accomplish this, the attacker would first need to connect to the d...9.1Mar 27, 2023
• CVE-2022-29945DJI drone devices sold in 2017 through 2022 broadcast unencrypted information about the drone operator's physical location via the AeroScope protocol.4.0Apr 29, 2022
• CVE-2020-29664A command injection issue in dji_sys in DJI Mavic 2 Remote Controller before firmware version 01.00.0510 allows for code execution via a malicious firmware upgrade packet.7.8Feb 18, 2021