CVE-2025-10880

Summary

All versions of Dingtian DT-R002 are vulnerable to an Insufficiently Protected Credentials vulnerability that could allow an attacker to extract the proprietary "Dingtian Binary" protocol password by sending an unauthenticated GET request.

Affected Software

VendorProductVersion RangeStatus
DingtianDT-R002All versionsaffected

Weaknesses

  • CWE-522: CWE-522 Insufficiently Protected Credentials

Workarounds

The researchers recommend the following to help reduce risk:

  • Restrict access to HTTP (TCP/80), and the Dingtian Protocol on (UDP/60000) and (UDP/60001).

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References