Main Vulnerability Database Vulnerabilities #VU65419

Authentication Bypass by Capture-replay in DT-R002 - CVE-2022-29593

Published: July 19, 2022 / Updated: October 27, 2023

Vulnerability identifier: #VU65419

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber

CVE-ID: CVE-2022-29593

CWE-ID: CWE-294

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vendor: Dingtian

Affected software:
DT-R002

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an authentication bypass by capture-replay in the relay_cgi.cgi. A remote attacker can control the devices attached to the relays without requiring authentication.

How to mitigate CVE-2022-29593

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Sources

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2022-29593-authentication-bypass-by-capture-replay-dingtian-dt-r002/
https://www.trustwave.com/en-us/resources/security-resources/security-advisories/
https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-01

Authentication Bypass by Capture-replay in DT-R002 - CVE-2022-29593

Detailed vulnerability description

How to mitigate CVE-2022-29593

Sources

Please verify you're human