CVE-2025-10879

Summary

All versions of Dingtian DT-R002 are vulnerable to an Insufficiently Protected Credentials vulnerability that could allow an attacker to retrieve the current user's username without authentication.

Affected Software

VendorProductVersion RangeStatus
DingtianDT-R002All versionsaffected

Weaknesses

  • CWE-522: CWE-522 Insufficiently Protected Credentials

Workarounds

The researchers recommend the following to help reduce risk:

  • Restrict access to HTTP (TCP/80), and the Dingtian Protocol on (UDP/60000) and (UDP/60001).

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References