CVE-2025-10880 — HIGH (7.5)

Vulnerability Description

All versions of Dingtian DT-R002 are vulnerable to an Insufficiently Protected Credentials vulnerability that could allow an attacker to extract the proprietary "Dingtian Binary" protocol password by sending an unauthenticated GET request.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Dingtian-Tech	Dt-R002 Firmware	-
Dingtian-Tech	Dt-R002	-

Related Weaknesses (CWE)

CWE-522

References

https://www.cisa.gov/news-events/ics-advisories/icsa-25-268-01MitigationThird Party AdvisoryUS Government Resource

FAQ

What is CVE-2025-10880?

CVE-2025-10880 is a vulnerability with a CVSS score of 7.5 (HIGH). All versions of Dingtian DT-R002 are vulnerable to an Insufficiently Protected Credentials vulnerability that could allow an attacker to extract the proprietary "Dingtian Binary" protocol password by ...

How severe is CVE-2025-10880?

CVE-2025-10880 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-10880?

Check the references section above for vendor advisories and patch information. Affected products include: Dingtian-Tech Dt-R002 Firmware, Dingtian-Tech Dt-R002.