Dingtian has not responded to requests to fix an authentication bypass by capture-replay vulnerability in its DT-R002 where public exploits are available, according to a report with CISA.

Successful exploitation of this remotely exploitable vulnerability could allow an attacker to bypass authentication. CISA discovered a public Proof of Concept (PoC) authored by Victor Hanna of Trustwave SpiderLabs.

The following versions of Dingtian DT-R002, a relay board, suffer from the issue: Version 3.1.276A.

In the vulnerability, relay_cgi.cgi on Dingtian DT-R002 2CH relay devices with firmware 3.1.276A allows an attacker to replay HTTP post requests without the need for authentication or a valid signed/authorized request.

CVE-2022-29593 is the case number assigned to this vulnerability, which has as CVSS v3.1 base score of 5.9.

Schneider Bold

The product sees use mainly in the critical manufacturing sector.

This vulnerability has a high attack complexity.

China-based Dingtian has not responded to requests to work with CISA to mitigate this vulnerability. Users of affected versions of Dingtian DT-R002 should contact Dingtian customer support for additional information.


Pin It on Pinterest

Share This