Lucene search

[email protected]CVE-2022-29593

HistoryJul 14, 2022 - 3:15 p.m.

CVE-2022-29593

2022-07-1415:15:08

CWE-294

[email protected]

web.nvd.nist.gov

cve-2022-29593

relay_cgi.cgi

dingtian dt-r002

firmware

vulnerability

http post request replay

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

5.8 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.7%

JSON

relay_cgi.cgi on Dingtian DT-R002 2CH relay devices with firmware 3.1.276A allows an attacker to replay HTTP post requests without the need for authentication or a valid signed/authorized request.

Affected configurations

NVD

Node

dingtian-techdt-r004_firmwareMatch3.1.276a

AND

dingtian-techdt-r004Match-

CPENameOperatorVersion
dingtian-tech:dt-r004_firmwaredingtian-tech dt-r004 firmwareeq3.1.276a

CPE	Name	Operator	Version
dingtian-tech:dt-r004_firmware	dingtian-tech dt-r004 firmware	eq	3.1.276a

References

packetstormsecurity.com/files/167868/Dingtian-DT-R002-3.1.276A-Authentication-Bypass.html

www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2022-29593-authentication-bypass-by-capture-replay-dingtian-dt-r002/

www.trustwave.com/en-us/resources/security-resources/security-advisories/

Social References

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

5.8 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.7%

JSON

Related for CVE-2022-29593

prion1 nvd1 githubexploit1 cvelist1 packetstorm1 ics1 zdt1 exploitdb1