CVE-2022-29593
Published 2022-07-14
Priority P3 · 53 · medium · 5.9 CVSS 3.1
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
EXPLOIT
EPSS 10.44% (95.2th percentile)
relay_cgi.cgi on Dingtian DT-R002 2CH relay devices with firmware 3.1.276A allows an attacker to replay HTTP post requests without the need for authentication or a valid signed/authorized request.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dingtian-tech | dt-r004_firmware | — | — |
GHSA
GHSA-9522-4c39-hgpv: relay_cgi
ghsa_unreviewed·2022-07-15
CVE-2022-29593 [MEDIUM] CWE-294 GHSA-9522-4c39-hgpv: relay_cgi
relay_cgi.cgi on Dingtian DT-R002 2CH relay devices with firmware 3.1.276A allows an attacker to replay HTTP post requests without the need for authentication or a valid signed/authorized request.
CISA ICS
Dingtian DT-R002
cisa_ics·2023-10-26·CVSS 5.9
[MEDIUM] Dingtian DT-R002
ICS Advisory
## Dingtian DT-R002
Release Date: October 26, 2023
Alert Code: ICSA-23-299-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 5.9
- ATTENTION: Exploitable remotely/public exploits are available
- Vendor: Dingtian
- Equipment: DT-R002
- Vulnerability: Authentication Bypass by Capture-Replay
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to bypass authentication.
## 3. TECHNICAL DETAILS
### 3.1 AFFECTED PRODUCTS
The following versions of Dingtian DT-R002, a relay board, are affected:
- DT-R002: version 3.1.276A
### 3.2 Vulnerability Overview
#### 3.2.1 AUTHENTICATION BYPASS BY CAPTURE-REPLAY CWE-294
relay_cgi.cgi on Dingtian DT-R002 2CH relay devices with firmware 3.1.276A allows an attacker to replay HTTP po
- http://packetstormsecurity.com/files/167868/Dingtian-DT-R002-3.1.276A-Authentication-Bypass.html
- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2022-29593-authentication-bypass-by-capture-replay-dingtian-dt-r002/
- https://www.trustwave.com/en-us/resources/security-resources/security-advisories/
Published: 2022-07-14