Insufficiently Protected Credentials in Dingtian DT-R002_CVE-2025-10880

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Description

All versions of Dingtian DT-R002 are vulnerable to an Insufficiently Protected Credentials vulnerability that could allow an attacker to extract the proprietary "Dingtian Binary" protocol password by sending an unauthenticated GET request.

Basic Information

ID CVE-2025-10880

Source icscert

Published Sep 25, 2025 at 16:32

Modified Sep 25, 2025 at 16:47

Affected Product

Vendor Dingtian

Product DT-R002

Version All versions

Affected Versions Dingtian DT-R002 All versions

CWE Classification

CWE-522

References

www.cisa.gov /news-events/ics-advisories/icsa-25-268-01

{
    "lastseen": "",
    "description": "All versions of Dingtian DT-R002 are vulnerable to an Insufficiently Protected Credentials vulnerability that could allow an attacker to extract the proprietary \"Dingtian Binary\" protocol password by sending an unauthenticated GET request.",
    "published": "2025-09-25T16:32:17.981Z",
    "modified": "2025-09-25T16:47:53.136Z",
    "type": "cve",
    "title": "Insufficiently Protected Credentials in Dingtian DT-R002",
    "source": "icscert",
    "references": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-268-01",
    "id": "CVE-2025-10880",
    "bulletinFamily": "",
    "cwe": [
        "CWE-522"
    ],
    "cvelist": null,
    "sourceData": "Dingtian DT-R002 All versions",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "DT-R002",
    "version": "All versions",
    "vendor": "Dingtian",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}