CVE-2025-10880
📋 TL;DR
Dingtian DT-R002 devices expose the password for their proprietary control protocol to anyone who can reach the built-in web server: a single unauthenticated HTTP GET request returns it (Insufficiently Protected Credentials, CWE-522). All firmware versions of the DT-R002 are affected and no vendor fix is available, so any host that can reach the device can recover the credential that guards the protocol.
💻 Affected Systems
- Dingtian DT-R002
📦 What is this software?
DT-R002 firmware by Dingtian Tech. The DT-R002 is a small network-attached relay board; its relays can be switched from the built-in web interface or over a proprietary control protocol that is protected by a password configured on the device.
⚠️ Risk & Real-World Impact
Worst Case
Anyone able to reach the device's web server obtains the protocol password, which is the only secret guarding the proprietary control channel. With it an attacker can issue commands over that protocol, switching the relays or changing device settings at will. If the same password was set on several boards or reused for other systems, one exposed device hands over access to all of them.
Likely Case
An attacker on the same network (or on the internet, for exposed devices) extracts the password with one GET request and uses it to control the device or alter its configuration. Because the protocol relies on that password alone, its traffic can also be read or spoofed by the attacker.
If Mitigated
With the device confined to a management VLAN and only known hosts allowed to reach its web port, the blast radius shrinks to that segment. The password can still be retrieved by anyone inside the segment, since the device itself offers no fix.
🎯 Exploit Status
Trivial. A single unauthenticated HTTP GET to the device's web server returns the password; no special tooling, timing, or user interaction is needed, and the request is indistinguishable from ordinary browsing unless it comes from an unexpected source.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: None available
Vendor Advisory: https://www.cisa.gov/news-events/ics-advisories/icsa-25-268-01
Restart Required: N/A (no patch exists)
Instructions:
No official patch is available and the advisory lists no vendor fix. Contact Dingtian for firmware updates or replacement options; until one exists, rely on the network-level workarounds below.
🔧 Temporary Workarounds
Network Segmentation
Isolate DT-R002 devices in a dedicated VLAN with strict firewall rules so that nothing outside that segment can reach the device's web port.
Access Control Lists
Implement network ACLs that allow access to DT-R002 devices only from authorized management systems and deny everything else by default; log the denied attempts, since they are the cheapest signal that someone is probing the device.
🧯 If You Can't Patch
- Remove DT-R002 devices from internet-facing networks immediately
- Implement strict network segmentation and monitor all traffic to/from DT-R002 devices
- Do not reuse the protocol password on other devices or systems: it can be re-extracted at any time, so treat it as known to everyone on the segment
🔍 How to Verify
Check if Vulnerable:
From a host on the same network, send an unauthenticated GET request to the device's web server and check whether the proprietary protocol password appears in the response. Every firmware version is reported affected, so a reachable DT-R002 should be assumed vulnerable even before testing.
Check Version:
Check the firmware version in the device's web interface or over the serial console. Because all versions are affected, the version does not change the answer; record it so you can tell when a future vendor firmware differs.
Verify Fix Applied:
No fix available to verify. Monitor vendor for firmware updates.
📡 Detection & Monitoring
Log Indicators:
- GET requests to a DT-R002 web interface from hosts outside the management allowlist
- Bursts of GETs against several paths on one device from a single source (endpoint enumeration)
- The device itself keeps no useful log, so these must come from a firewall, proxy, or network sensor in front of it; failed logins are not an indicator, because the exploit needs no authentication
Network Indicators:
- Unusual traffic patterns to DT-R002 devices from unauthorized sources
- GET requests to the device's web port followed by new connections on the proprietary protocol port from the same source
SIEM Query:
dest_ip IN (<DT-R002 IPs>) AND http_method=GET AND NOT src_ip IN (<management hosts>)
Do not filter on the URI unless you know the exact vulnerable path; the request is an ordinary GET, and a guessed path filter will drop the hits you want.
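The detection logic above, as an added example that is not part of the advisory or of any Dingtian software: it reads a Zeek-style http.log subset (tab-separated ts, orig_h, resp_h, method, uri, status; this column layout, the device IPs, the management network, and the sample log lines are all constructed for illustration, and the paths in the sample are placeholders, not the vulnerable endpoint) and flags requests to DT-R002 devices from hosts outside the management allowlist, ranking a successful GET highest because that is the exact shape of this exploit, plus a separate finding when one source walks several device endpoints.

```python
"""Flag HTTP requests to DT-R002 relay boards from non-management hosts.

Added example for CVE-2025-10880 monitoring; not vendor or advisory code.
Input is assumed to be a tab-separated subset of Zeek's http.log with the
columns: ts, id.orig_h, id.resp_h, method, uri, status_code (constructed).
"""
import ipaddress
from collections import defaultdict

# Constructed asset data for this example; replace with your inventory.
DT_R002_HOSTS = {"10.20.30.41", "10.20.30.42"}
MANAGEMENT_NETS = [ipaddress.ip_network("10.20.99.0/24")]

# Constructed sample log. 10.20.99.5 is a legitimate management host,
# 10.20.50.77 probes several paths, 10.20.60.8 sends one GET, and the
# last line targets a host that is not a DT-R002. Paths are placeholders.
SAMPLE_LOG = """\
1726600000.100\t10.20.99.5\t10.20.30.41\tGET\t/\t200
1726600001.200\t10.20.99.5\t10.20.30.41\tPOST\t/relay\t200
1726600010.300\t10.20.50.77\t10.20.30.41\tGET\t/\t200
1726600010.800\t10.20.50.77\t10.20.30.41\tGET\t/a\t404
1726600011.100\t10.20.50.77\t10.20.30.41\tGET\t/b\t404
1726600011.500\t10.20.50.77\t10.20.30.41\tGET\t/status\t200
1726600012.000\t10.20.50.77\t10.20.30.42\tGET\t/\t200
1726600020.000\t10.20.60.8\t10.20.30.42\tGET\t/\t200
1726600030.000\t10.20.99.9\t10.20.40.1\tGET\t/\t200
"""


def parse_line(line):
    """Split one constructed http.log line into a record dict."""
    ts, orig_h, resp_h, method, uri, status = line.rstrip("\n").split("\t")
    return {"ts": float(ts), "src": orig_h, "dst": resp_h,
            "method": method, "uri": uri, "status": int(status)}


def is_management(ip, nets=MANAGEMENT_NETS):
    """True if ip falls inside one of the allowlisted management networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)


def analyze(log_text, devices=DT_R002_HOSTS, enum_threshold=3):
    """Return a list of findings for traffic to DT-R002 devices.

    One finding per request from a non-management host (GET+200 is 'high',
    anything else 'medium'), plus one 'high' enumeration finding per source
    that issued GETs to at least enum_threshold distinct (device, path) pairs.
    """
    findings = []
    gets_by_src = defaultdict(set)  # src -> {(dst, uri), ...}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec["dst"] not in devices or is_management(rec["src"]):
            continue
        # Any request from outside the management net violates the ACL.
        # A GET that received 200 matches the exploit, so rank it highest.
        sev = "high" if rec["method"] == "GET" and rec["status"] == 200 else "medium"
        findings.append({
            "severity": sev, "src": rec["src"], "dst": rec["dst"],
            "method": rec["method"], "uri": rec["uri"], "status": rec["status"],
            "reason": "request to DT-R002 from non-management host",
        })
        if rec["method"] == "GET":
            gets_by_src[rec["src"]].add((rec["dst"], rec["uri"]))
    for src, targets in gets_by_src.items():
        if len(targets) >= enum_threshold:
            findings.append({
                "severity": "high", "src": src,
                "reason": f"GET enumeration: {len(targets)} distinct device endpoints",
            })
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f["severity"].upper(), f["src"], f["reason"],
              f.get("dst", ""), f.get("uri", ""))
```

Point the script at a real http.log export from the sensor that sees the OT segment, fill in the device set and management networks from inventory, and feed the findings to the SIEM; the allowlist check is the part that matters, since the exploit request itself looks like any other GET.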