
Description

All versions of Dingtian DT-R002 are vulnerable to an Insufficiently Protected Credentials vulnerability that could allow an attacker to extract the proprietary "Dingtian Binary" protocol password by sending an unauthenticated GET request.

PUBLISHED Reserved 2025-09-23 | Published 2025-09-25 | Updated 2025-09-25 | Assigner icscert




HIGH: 8.7 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-522 Insufficiently Protected Credentials

Product status

Default status: unaffected

All versions: affected

Credits

Nicolas Cano and Reid Wightman of Dragos (finder)

References

www.cisa.gov/news-events/ics-advisories/icsa-25-268-01 (government-resource)

cve.org (CVE-2025-10880)

nvd.nist.gov (CVE-2025-10880)
