Main Vulnerability Database SB2025092627

SB2025092627 - Multiple vulnerabilities in Dingtian DT-R002

Published: September 26, 2025

Security Bulletin ID SB2025092627

Severity

Medium

Patch available

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Insufficiently protected credentials (CVE-ID: CVE-2025-10879)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to insufficiently protected credentials. A remote attacker can retrieve the current user's username without authentication.

2) Insufficiently protected credentials (CVE-ID: CVE-2025-10880)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to insufficiently protected credentials. A remote attacker can send a specially crafted GET request and extract the proprietary "Dingtian Binary" protocol password.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://www.cisa.gov/news-events/ics-advisories/icsa-25-268-01