Dingtian DT-R002
Monitor | 7.5 | ICS-CERT ICSA-25-268-01 | Sep 25, 2025
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
The Dingtian DT-R002 contains a vulnerability that allows an attacker to retrieve stored credentials without authentication. The vulnerability affects all versions of the DT-R002. Dingtian has not engaged with CISA to develop a fix. Exploitation requires network access to HTTP (TCP/80) or the Dingtian Protocol ports (UDP/60000 and UDP/60001).
What this means
What could happen
An attacker without authentication can retrieve credentials from the DT-R002 device, potentially gaining access to control system accounts and enabling unauthorized changes to operations or lateral movement into critical systems.
Who's at risk
Water utilities, electric utilities, and other industrial facilities using Dingtian DT-R002 repeaters or relays in control system networks should be concerned. The DT-R002 is typically used for signal transmission in remote telemetry and process monitoring applications.
How it could be exploited
An attacker on the network sends HTTP or Dingtian Protocol requests to the DT-R002 device and receives stored credentials in response without providing valid authentication. These credentials could then be used to access other control systems or administrative functions.
Prerequisites
- Network access to the device on TCP/80, UDP/60000, or UDP/60001
- No authentication required
Remotely exploitable | No authentication required | Low complexity | No patch available | Unauthenticated credential exposure
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product | Affected Versions | Fix Status
DT-R002: vers:all/* | All versions | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Restrict access to HTTP (TCP/80) and Dingtian Protocol ports (UDP/60000 and UDP/60001) using firewall rules
HARDENING: Implement access controls ensuring the device is not reachable from the Internet
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
WORKAROUND: Contact Dingtian customer support to determine if a firmware update or alternative mitigation is available
Mitigations - no patch available
DT-R002: vers:all/* has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Isolate DT-R002 devices from the business network and Internet-connected systems using network segmentation
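An added example, not part of the advisory: a Python check over exported firewall or flow records that flags any source outside an approved management subnet reaching a DT-R002 on the ports the advisory names, which is one way to verify the restrictions above are holding. The device addresses, the allowed subnet, the CSV column layout and the sample records are assumptions constructed for illustration.

```python
import csv
import io
from ipaddress import ip_address, ip_network

# Services named in the advisory: HTTP and the Dingtian Protocol ports.
ADVISORY_SERVICES = {("tcp", 80), ("udp", 60000), ("udp", 60001)}

# Assumed for illustration: DT-R002 addresses and the only subnet allowed to reach them.
DEVICES = {ip_address("10.20.30.41"), ip_address("10.20.30.42")}
ALLOWED_SOURCES = [ip_network("10.20.99.0/28")]

# Constructed sample export (not real traffic): src,dst,proto,dport,action
SAMPLE_FLOWS = """\
src,dst,proto,dport,action
10.20.99.5,10.20.30.41,tcp,80,allow
10.20.40.17,10.20.30.41,udp,60000,allow
203.0.113.9,10.20.30.42,tcp,80,allow
10.20.40.17,10.20.30.42,udp,60001,deny
10.20.40.17,10.20.30.41,tcp,502,allow
10.20.40.17,10.20.30.99,tcp,80,allow
bad-address,10.20.30.41,tcp,80,allow
"""


def audit_flows(flow_csv, devices=DEVICES, allowed=ALLOWED_SOURCES):
    """Return (record_no, src, dst, service, verdict) for flows from outside the
    allowed sources to an advisory port on a listed device."""
    findings = []
    reader = csv.DictReader(io.StringIO(flow_csv))
    for record_no, row in enumerate(reader, start=1):
        try:
            src, dst = ip_address(row["src"]), ip_address(row["dst"])
            service = (row["proto"].lower(), int(row["dport"]))
            allowed_through = row["action"].lower() == "allow"
        except (KeyError, ValueError, AttributeError, TypeError):
            # Report malformed records instead of silently skipping them.
            findings.append((record_no, row.get("src"), row.get("dst"), None, "unparseable"))
            continue
        if dst not in devices or service not in ADVISORY_SERVICES:
            continue
        if any(src in net for net in allowed):
            continue
        # "allow" means the request reached the device; anything else means the rule held.
        verdict = "exposed" if allowed_through else "blocked"
        findings.append((record_no, str(src), str(dst), service, verdict))
    return findings


if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS):
        print(finding)
```

An "exposed" verdict means a segmentation or firewall rule is missing for that path; a "blocked" verdict shows the rule held but is still worth reviewing as an access attempt from an unapproved source.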
CVEs (2)