CVE-2022-29593 - OpenCVE

relay_cgi.cgi on Dingtian DT-R002 2CH relay devices with firmware 3.1.276A allows an attacker to replay HTTP post requests without the need for authentication or a valid signed/authorized request.

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Dingtian-tech	Dt-r004 Dt-r004 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:dingtian-tech:dt-r004_firmware:3.1.276a:*:*:*:*:*:*:*

cpe:2.3:h:dingtian-tech:dt-r004:-:*:*:*:*:*:*:*

References

Link	Resource
http://packetstormsecurity.com/files/167868/Dingtian-DT-R002-3.1.276A-Authentication-Bypass.html	Exploit Third Party Advisory VDB Entry
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2022-29593-authentication-bypass-by-capture-replay-dingtian-dt-r002/	Exploit Third Party Advisory
https://www.trustwave.com/en-us/resources/security-resources/security-advisories/	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-07-14T14:56:44

Updated: 2022-07-29T16:06:19

Reserved: 2022-04-22T00:00:00

Link: CVE-2022-29593

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-07-14T15:15:08.093

Modified: 2022-11-05T02:45:26.543

Link: CVE-2022-29593

JSON object: View

Redhat Information

No data.

CWE

CWE-294

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "relay_cgi.cgi on Dingtian DT-R002 2CH relay devices with firmware 3.1.276A allows an attacker to replay HTTP post requests without the need for authentication or a valid signed/authorized request."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-07-29T16:06:19", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2022-29593-authentication-bypass-by-capture-replay-dingtian-dt-r002/"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/167868/Dingtian-DT-R002-3.1.276A-Authentication-Bypass.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-29593", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "relay_cgi.cgi on Dingtian DT-R002 2CH relay devices with firmware 3.1.276A allows an attacker to replay HTTP post requests without the need for authentication or a valid signed/authorized request."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/", "refsource": "MISC", "url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/"}, {"name": "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2022-29593-authentication-bypass-by-capture-replay-dingtian-dt-r002/", "refsource": "MISC", "url": "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2022-29593-authentication-bypass-by-capture-replay-dingtian-dt-r002/"}, {"name": "http://packetstormsecurity.com/files/167868/Dingtian-DT-R002-3.1.276A-Authentication-Bypass.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/167868/Dingtian-DT-R002-3.1.276A-Authentication-Bypass.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-29593", "datePublished": "2022-07-14T14:56:44", "dateReserved": "2022-04-22T00:00:00", "dateUpdated": "2022-07-29T16:06:19", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dingtian-tech:dt-r004_firmware:3.1.276a:*:*:*:*:*:*:*", "matchCriteriaId": "01C8472F-8680-4391-8852-05A499E19D96", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dingtian-tech:dt-r004:-:*:*:*:*:*:*:*", "matchCriteriaId": "83DFA702-A798-4A1E-91EB-4DA450626580", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "relay_cgi.cgi on Dingtian DT-R002 2CH relay devices with firmware 3.1.276A allows an attacker to replay HTTP post requests without the need for authentication or a valid signed/authorized request."}, {"lang": "es", "value": "El archivo relay_cgi.cgi en los dispositivos de retransmisi\u00f3n Dingtian DT-R002 2CH con firmware 3.1.276A, permite a un atacante reproducir peticiones HTTP post sin necesidad de autenticaci\u00f3n o una petici\u00f3n v\u00e1lida firmada/autorizada"}], "id": "CVE-2022-29593", "lastModified": "2022-11-05T02:45:26.543", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-07-14T15:15:08.093", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/167868/Dingtian-DT-R002-3.1.276A-Authentication-Bypass.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2022-29593-authentication-bypass-by-capture-replay-dingtian-dt-r002/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-294"}], "source": "nvd@nist.gov", "type": "Primary"}]}