Vulnerability Description
relay_cgi.cgi on Dingtian DT-R002 2CH relay devices with firmware 3.1.276A allows an attacker to replay HTTP POST requests without the need for authentication or a valid signed/authorized request.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dingtian-Tech | Dt-R004 Firmware | 3.1.276a |
| Dingtian-Tech | Dt-R004 | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/167868/Dingtian-DT-R002-3.1.276A-Authentica (Exploit, Third Party Advisory, VDB Entry)
- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2022-29593-a (Exploit, Third Party Advisory)
- https://www.trustwave.com/en-us/resources/security-resources/security-advisories (Exploit, Third Party Advisory)
FAQ
What is CVE-2022-29593?
CVE-2022-29593 is a vulnerability with a CVSS score of 5.9 (MEDIUM). relay_cgi.cgi on Dingtian DT-R002 2CH relay devices with firmware 3.1.276A allows an attacker to replay HTTP POST requests without the need for authentication or a valid signed/authorized request.
How severe is CVE-2022-29593?
CVE-2022-29593 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-29593?
Check the references section above for vendor advisories and patch information. Affected products include: Dingtian-Tech Dt-R004 Firmware, Dingtian-Tech Dt-R004.