CVE-2022-29593

MEDIUM

Dingtian DT-R002 3.1.276A - Unauthenticated Authentication Bypass via HTTP Request Replay

Title source: llm
Exploitation Summary

EIP tracks 2 public exploits for CVE-2022-29593. PoCs published by Victor Hanna, 9lyph.

Description

relay_cgi.cgi on Dingtian DT-R002 2CH relay devices with firmware 3.1.276A allows an attacker to replay HTTP POST requests without the need for authentication or a valid signed/authorized request.

Exploits (2)

exploitdb WORKING POC
by Victor Hanna · python · webapps · hardware
https://www.exploit-db.com/exploits/50984

This exploit demonstrates an authentication bypass vulnerability (CVE-2022-29593) in Dingtian-DT-R002 3.1.276A by sending crafted HTTP requests to control relay switches without authentication. It leverages a capture-replay attack (CWE-294) to manipulate relay states via the relay_cgi.cgi endpoint.

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Dingtian DT-R002 2CH Smart Relay V3.1.276A
No auth needed
Prerequisites: Network access to the target device · Knowledge of the target's IP address
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 8 stars
by 9lyph · poc
https://github.com/9lyph/CVE-2022-29593

This repository contains a functional proof-of-concept exploit for CVE-2022-29593, an authentication bypass vulnerability in Shenzhen Dingtian Technologies' 2 Channel Relay Board (Firmware V3.1.276A). The exploit demonstrates how unauthenticated HTTP requests can control the relays by replaying captured requests.

Classification: Working PoC 100%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Dingtian DT-R002 2CH Relay Board, Firmware V3.1.276A
No auth needed
Prerequisites: Network access to the target device · Device must be running affected firmware version
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3: 5.9
EPSS: 0.0989
EPSS Percentile: 94.9%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial

Details

CWE: CWE-294
Status: published
Products (1): dingtian-tech/dt-r004_firmware 3.1.276a
Published: Jul 14, 2022
Tracked Since: Feb 18, 2026