CVE-2025-10879
📋 TL;DR
Dingtian DT-R002 devices have an insufficiently protected credentials vulnerability that allows unauthenticated attackers to retrieve the current username. This affects all versions of DT-R002 devices and could facilitate further attacks by revealing user account information.
💻 Affected Systems
- Dingtian DT-R002
📦 What is this software?
DT-R002 firmware by Dingtian Tech
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
An attacker who has obtained the configured username can use it for credential stuffing, password brute forcing, or social engineering to gain unauthorized access to the device.
Likely Case
Attackers learn the valid username, which removes the guesswork from a targeted password attack and reveals how the device's accounts are set up.
If Mitigated
With proper network segmentation and access controls, the impact is limited to information disclosure about user accounts.
🎯 Exploit Status
The vulnerability allows unauthenticated username retrieval, making exploitation straightforward.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor for latest firmware update
Vendor Advisory: https://www.cisa.gov/news-events/ics-advisories/icsa-25-268-01
Restart Required: Yes
Instructions:
1. Contact Dingtian for the latest firmware.
2. Back up the current configuration.
3. Apply the firmware update.
4. Reboot the device.
5. Verify the fix (see How to Verify below).
🔧 Temporary Workarounds
Network Segmentation
Isolate DT-R002 devices from untrusted networks and internet exposure
Access Control Lists
Implement strict network ACLs to limit access to DT-R002 management interfaces
🧯 If You Can't Patch
- Segment DT-R002 devices in isolated network zones with no internet access
- Implement strict firewall rules to allow only trusted IP addresses to access DT-R002 management interfaces
🔍 How to Verify
Check if Vulnerable:
Attempt to retrieve username via unauthenticated request to the vulnerable endpoint (specific endpoint not disclosed in advisory)
Check Version:
Check device web interface or CLI for firmware version information
Verify Fix Applied:
After patching, verify that unauthenticated requests no longer return username information
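Because the advisory does not name the vulnerable endpoint, the check below is an added example (not vendor or advisory code) that tests the one thing you can verify without it: whether any unauthenticated response from the device's web interface contains the username you configured. The CANDIDATE_PATHS list is an assumption; populate it from the requests your browser makes when loading the device UI. Run it before patching to confirm exposure and after patching to confirm the responses are now refused or no longer carry the username.

```python
"""Unauthenticated username-disclosure check for a DT-R002 web interface.

Added example, not vendor code. The advisory does not name the vulnerable
endpoint, so CANDIDATE_PATHS is an assumption: fill it from the paths your
browser's developer tools show the device UI loading. The check only looks
for the username you configured on the device; it does not guess names.
"""
import json
import re
import urllib.error
import urllib.request

# Assumed candidate paths; replace with paths observed on your own device.
CANDIDATE_PATHS = ["/", "/index.html", "/config.json", "/api/user"]


def disclosure_locations(body: str, username: str) -> list:
    """Return where `username` appears in an unauthenticated response body,
    or [] if it is not disclosed.

    JSON string values are checked first so the leaking field can be named;
    otherwise a case-insensitive whole-word scan of the raw text catches
    values embedded in HTML or JavaScript. 'administrator' does not match
    'admin' because the word boundaries are enforced.
    """
    hits = []
    try:
        parsed = json.loads(body)
    except ValueError:
        parsed = None
    if parsed is not None:
        def walk(node, path):
            if isinstance(node, dict):
                for k, v in node.items():
                    walk(v, f"{path}.{k}" if path else k)
            elif isinstance(node, list):
                for i, v in enumerate(node):
                    walk(v, f"{path}[{i}]")
            elif isinstance(node, str) and node.lower() == username.lower():
                hits.append(f"json:{path}")
        walk(parsed, "")
    if not hits and re.search(rf"(?<![\w-]){re.escape(username)}(?![\w-])",
                              body, re.IGNORECASE):
        hits.append("text")
    return hits


def classify_response(status: int, body: str, username: str) -> str:
    """Map one unauthenticated response to a verdict:
    'vulnerable' - the configured username is present in the body
    'protected'  - the device refused the request (401/403)
    'no-leak'    - the request succeeded but the username is absent
    """
    if status in (401, 403):
        return "protected"
    return "vulnerable" if disclosure_locations(body, username) else "no-leak"


def probe(base_url: str, username: str, paths=CANDIDATE_PATHS,
          timeout: float = 5.0) -> dict:
    """Request each path with no credentials and classify the response."""
    results = {}
    for path in paths:
        req = urllib.request.Request(base_url.rstrip("/") + path,
                                     headers={"User-Agent": "dt-r002-check"})
        try:
            with urllib.request.urlopen(req, timeout=timeout) as resp:
                status, body = resp.status, resp.read().decode("utf-8", "replace")
        except urllib.error.HTTPError as e:
            status, body = e.code, e.read().decode("utf-8", "replace")
        except (urllib.error.URLError, OSError) as e:
            results[path] = f"unreachable ({e})"
            continue
        results[path] = classify_response(status, body, username)
    return results


if __name__ == "__main__":
    import sys
    # Usage: python check.py http://192.0.2.10 admin  (your device and your username)
    for path, verdict in probe(sys.argv[1], sys.argv[2]).items():
        print(f"{path:20} {verdict}")
```

A 'no-leak' verdict on every candidate path is not proof of a fix if the real endpoint is not in your list; a 'protected' or 'no-leak' verdict on a path that returned 'vulnerable' before the update is.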
📡 Detection & Monitoring
Log Indicators:
- Multiple failed authentication attempts following username enumeration
- Unusual access patterns to user information endpoints
Network Indicators:
- Unusual traffic to DT-R002 management interfaces from untrusted sources
- Requests to username-related endpoints without authentication
SIEM Query:
source_ip NOT IN trusted_networks AND destination_port IN [management_ports] AND http_method IN [GET,POST] AND uri CONTAINS 'user'
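The SIEM query above is pseudo-syntax; as an added example (not part of the original page), here it is run over constructed access-log lines, together with the correlation from Log Indicators: a username-endpoint request from an untrusted source followed by repeated failed logins from the same address. The log format, field names, trusted ranges and sample lines are all constructed for the demo; map them to what the proxy or firewall in front of your DT-R002 actually emits.

```python
"""The page's SIEM query and follow-on correlation over sample log lines.

Added example, not part of the original page. Log format, field names,
trusted networks and the sample lines are constructed for the demo.
"""
import ipaddress
from datetime import datetime, timedelta

# Assumed trusted management ranges and management ports.
TRUSTED_NETWORKS = [ipaddress.ip_network(n) for n in ("10.10.0.0/16", "192.168.1.0/24")]
MANAGEMENT_PORTS = {80, 443, 8080}

# Constructed sample: "<iso-time> <src_ip> <dst_ip>:<dst_port> <method> <uri> <status>"
SAMPLE_LOG = """\
2025-09-25T10:00:01Z 10.10.5.7 192.168.1.50:80 GET /index.html 200
2025-09-25T10:01:12Z 203.0.113.9 192.168.1.50:80 GET /user 200
2025-09-25T10:01:15Z 203.0.113.9 192.168.1.50:80 POST /login 401
2025-09-25T10:01:18Z 203.0.113.9 192.168.1.50:80 POST /login 401
2025-09-25T10:01:21Z 203.0.113.9 192.168.1.50:80 POST /login 401
2025-09-25T10:05:00Z 10.10.5.7 192.168.1.50:80 GET /user 200
2025-09-25T10:06:00Z 198.51.100.4 192.168.1.50:80 GET /relay/status 200
"""


def parse_line(line):
    """Split one constructed log line into typed fields."""
    ts, src, dst, method, uri, status = line.split()
    dst_ip, dst_port = dst.rsplit(":", 1)
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "src": ipaddress.ip_address(src),
        "dst_ip": dst_ip,
        "dst_port": int(dst_port),
        "method": method,
        "uri": uri,
        "status": int(status),
    }


def is_trusted(ip):
    return any(ip in net for net in TRUSTED_NETWORKS)


def username_probe(ev):
    """The page's SIEM query applied to one event."""
    return (not is_trusted(ev["src"])
            and ev["dst_port"] in MANAGEMENT_PORTS
            and ev["method"] in ("GET", "POST")
            and "user" in ev["uri"].lower())


def detect(log_text, window=timedelta(minutes=5), failed_threshold=3):
    """Return (probes, escalations).

    probes: untrusted requests to username-related URIs on management ports.
    escalations: (src, uri, failure_count) for probes followed within
    `window` by at least `failed_threshold` 401 responses to the same source,
    i.e. the username fetch being used for a password attack.
    """
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    probes = [e for e in events if username_probe(e)]
    escalations = []
    for p in probes:
        failures = [e for e in events
                    if e["src"] == p["src"] and e["status"] == 401
                    and p["ts"] < e["ts"] <= p["ts"] + window]
        if len(failures) >= failed_threshold:
            escalations.append((str(p["src"]), p["uri"], len(failures)))
    return probes, escalations


if __name__ == "__main__":
    probes, escalations = detect(SAMPLE_LOG)
    for p in probes:
        print("probe:", p["src"], p["method"], p["uri"])
    for src, uri, n in escalations:
        print(f"escalation: {src} fetched {uri} then failed login {n} times")
```

The trusted-source request to /user at 10:05 is deliberately not flagged: the query is about exposure to untrusted networks, and an operator loading the device UI from a management subnet is expected traffic. Tune `failed_threshold` and `window` to the device's real login rate before alerting on escalations.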