Cyber Resilience

CVE-2022-29593

Medium · Public PoC

Published: 14 July 2022

Modified: 05 May 2025
KEV Added
Patch
CVSS Score v3.1: 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)
EPSS Score: 0.0817 (92.4th percentile)
Risk Priority: 17 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-29593 is a medium-severity Authentication Bypass by Capture-replay (CWE-294) vulnerability in Dingtian-Tech Dt-R004 Firmware. Its CVSS base score is 5.9 (Medium).

Operationally, it is ranked in the top 7.6% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

CVE-2022-29593 is an authentication bypass vulnerability in the relay_cgi.cgi component of Dingtian DT-R002 2CH relay devices running firmware version 3.1.276A. The flaw, categorized under CWE-294, permits replay of captured HTTP POST requests without requiring valid authentication, signatures, or authorization tokens. It carries a CVSS 3.1 score of 5.9 reflecting network attack vector, high complexity, and high integrity impact with no confidentiality or availability effects.

An unauthenticated attacker with network access can capture legitimate POST requests and replay them to alter device state, such as toggling relays, without possessing credentials or session tokens. The attack succeeds because the firmware does not enforce replay protection or request uniqueness checks on the affected CGI endpoint.

Public advisories and exploit artifacts are available from Trustwave SpiderLabs and Packet Storm, documenting the capture-replay technique against the listed firmware. The associated EPSS score has remained flat at 0.0817 with no material increase after disclosure.

Vulnerability details

relay_cgi.cgi on Dingtian DT-R002 2CH relay devices with firmware 3.1.276A allows an attacker to replay HTTP POST requests without the need for authentication or a valid signed/authorized request.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: dingtian-tech
Product: dt-r004 firmware
Version: 3.1.276a

Mitigating Controls

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-294

Allows detection of capture-replay attacks by showing the replayed logon's timestamp as the last logon.

addresses: CWE-294

Protects against replay of captured session tokens or credentials by requiring authenticated, fresh session channels.

addresses: CWE-294

Wireless link protections commonly incorporate replay protection, reducing the exploitability of capture-replay weaknesses.

addresses: CWE-294

Accurate synchronized time enables tight timestamp windows that directly limit capture-replay windows in authentication protocols.
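
The request-uniqueness check that the analysis above describes as missing, combined with the timestamp window from the control list, can be sketched as follows. This is an added example, not code from the advisory or from the vendor's firmware; the shared key, field names, 30-second window and request body are constructed assumptions.

```python
import hashlib
import hmac
import secrets
import time

SKEW_SECONDS = 30  # assumed freshness window; relies on synchronized clocks


def _message(ts: str, nonce: str, body: bytes) -> bytes:
    # Everything the MAC covers: changing any field invalidates the request.
    return b"\n".join([ts.encode(), nonce.encode(), body])


def sign_request(key: bytes, body: bytes, now=None) -> dict:
    """Client side: bind the body to a timestamp and a one-time nonce."""
    ts = str(int(time.time() if now is None else now))
    nonce = secrets.token_hex(16)
    mac = hmac.new(key, _message(ts, nonce, body), hashlib.sha256).hexdigest()
    return {"ts": ts, "nonce": nonce, "mac": mac, "body": body}


class ReplayGuard:
    """Server side: accept each authenticated request at most once."""

    def __init__(self, key: bytes):
        self.key = key
        self.seen = {}  # nonce -> timestamp, kept only while the window is open

    def verify(self, req: dict, now=None) -> str:
        now = time.time() if now is None else now
        msg = _message(req["ts"], req["nonce"], req["body"])
        expected = hmac.new(self.key, msg, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, req["mac"]):
            return "reject: bad MAC"
        if abs(now - int(req["ts"])) > SKEW_SECONDS:
            return "reject: stale timestamp"
        # Older nonces are already covered by the timestamp check, so drop them.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= SKEW_SECONDS}
        if req["nonce"] in self.seen:
            return "reject: replayed nonce"
        self.seen[req["nonce"]] = int(req["ts"])
        return "accept"


def demo() -> list:
    key = b"constructed-shared-secret"
    guard = ReplayGuard(key)
    captured = sign_request(key, b"relay=1&state=on", now=1000)  # constructed body
    tampered = dict(captured, body=b"relay=2&state=on")
    return [guard.verify(captured, now=1001), guard.verify(captured, now=1002),
            guard.verify(captured, now=1100), guard.verify(tampered, now=1003)]
```

The byte-identical second submission is rejected inside the window by the nonce cache and outside it by the timestamp check, so the cache only has to hold `SKEW_SECONDS` worth of nonces.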
