This page aggregates publicly disclosed CVE and security risk information related to dingtian-tech, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-10880 | All versions of Dingtian DT-R002 are vulnerable to an Insufficiently Protected Credentials vulnerability that could allow an attacker to extract the proprietary "Dingtian Binary" protocol password by sending an unauthenticated GET request. | [email protected] | 8.7 | 0.05% | 2025-09-25 | 2025-09-29 |
| CVE-2025-10879 | All versions of Dingtian DT-R002 are vulnerable to an Insufficiently Protected Credentials vulnerability that could allow an attacker to retrieve the current user's username without authentication. | [email protected] | 8.7 | 0.05% | 2025-09-25 | 2025-09-29 |
| CVE-2025-1283 | The Dingtian DT-R0 Series is vulnerable to an exploit that allows attackers to bypass login requirements by directly navigating to the main page. | [email protected] | 9.3 | 0.03% | 2025-02-13 | 2025-04-10 |
| CVE-2022-29593 | relay_cgi.cgi on Dingtian DT-R002 2CH relay devices with firmware 3.1.276A allows an attacker to replay HTTP post requests without the need for authentication or a valid signed/authorized request. | [email protected] | 5.9 | 8.17% | 2022-07-14 | 2025-05-05 |