1. EXECUTIVE SUMMARY
- CVSS v4 8.7
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Dingtian
- Equipment: DT-R002
- Vulnerabilities: Insufficiently Protected Credentials
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to retrieve credentials without authentication.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Dingtian DT-R002, a relay board, are affected:
- DT-R002: All versions
3.2 VULNERABILITY OVERVIEW
3.2.1 INSUFFICIENTLY PROTECTED CREDENTIALS CWE-522
All versions of Dingtian DT-R002 are vulnerable to an Insufficiently Protected Credentials vulnerability that could allow an attacker to retrieve the current user’s username without authentication.
CVE-2025-10879 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
A CVSS v4 score has also been calculated for CVE-2025-10879. A base score of 8.7 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N).
3.2.2 INSUFFICIENTLY PROTECTED CREDENTIALS CWE-522
All versions of Dingtian DT-R002 are vulnerable to an Insufficiently Protected Credentials vulnerability that could allow an atta
[…]