Dt R002
by Dingtian
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-1283 | Cri | 0.64 | 9.8 | 0.01 | Feb 13, 2025 | The Dingtian DT-R0 Series is vulnerable to an exploit that allows attackers to bypass login requirements by directly navigating to the main page. | ||
| CVE-2022-29593 | Med | 0.42 | 5.9 | 0.10 | Jul 14, 2022 | relay_cgi.cgi on Dingtian DT-R002 2CH relay devices with firmware 3.1.276A allows an attacker to replay HTTP post requests without the need for authentication or a valid signed/authorized request. | ||
| CVE-2025-10880 | 0.00 | — | 0.00 | Sep 25, 2025 | All versions of Dingtian DT-R002 are vulnerable to an Insufficiently Protected Credentials vulnerability that could allow an attacker to extract the proprietary "Dingtian Binary" protocol password by sending an unauthenticated GET request. | |||
| CVE-2025-10879 | 0.00 | — | 0.00 | Sep 25, 2025 | All versions of Dingtian DT-R002 are vulnerable to an Insufficiently Protected Credentials vulnerability that could allow an attacker to retrieve the current user's username without authentication. |
- risk 0.64cvss 9.8epss 0.01
The Dingtian DT-R0 Series is vulnerable to an exploit that allows attackers to bypass login requirements by directly navigating to the main page.
- risk 0.42cvss 5.9epss 0.10
relay_cgi.cgi on Dingtian DT-R002 2CH relay devices with firmware 3.1.276A allows an attacker to replay HTTP post requests without the need for authentication or a valid signed/authorized request.
- CVE-2025-10880Sep 25, 2025risk 0.00cvss —epss 0.00
All versions of Dingtian DT-R002 are vulnerable to an Insufficiently Protected Credentials vulnerability that could allow an attacker to extract the proprietary "Dingtian Binary" protocol password by sending an unauthenticated GET request.
- CVE-2025-10879Sep 25, 2025risk 0.00cvss —epss 0.00
All versions of Dingtian DT-R002 are vulnerable to an Insufficiently Protected Credentials vulnerability that could allow an attacker to retrieve the current user's username without authentication.