Main Vulnerability Database SB2022071904

SB2022071904 - Authentication Bypass by Capture-replay in Dingtian DT-R002

Published: July 19, 2022 Updated: October 27, 2023

Security Bulletin ID SB2022071904

Severity

High

Patch available

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Authentication Bypass by Capture-replay (CVE-ID: CVE-2022-29593)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an authentication bypass by capture-replay in the relay_cgi.cgi. A remote attacker can control the devices attached to the relays without requiring authentication.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2022-29593-authentication-bypass-by-capture-replay-dingtian-dt-r002/
https://www.trustwave.com/en-us/resources/security-resources/security-advisories/
https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-01