CVE-2025-1283
Published: 13 February 2025
Description
The Dingtian DT-R0 Series is vulnerable to an exploit that allows attackers to bypass login requirements by directly navigating to the main page.
Security Summary
CVE-2025-1283, published on 2025-02-13, is a critical vulnerability in the Dingtian DT-R0 Series that enables attackers to bypass login requirements by directly navigating to the main page. This authentication bypass issue, mapped to CWE-288 (Authentication Bypass Using an Alternate Path or Channel) and CWE-306 (Missing Authentication for Critical Function), carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H): it is reachable over the network without privileges or user interaction, and a successful attack fully compromises confidentiality, integrity and availability, which places it in the Critical severity band.
The vulnerability can be exploited by unauthenticated remote attackers with network access to the affected device; the attack has low complexity and needs no user interaction. Successful exploitation bypasses the authentication controls, grants direct access to the main page and can therefore have high confidentiality, integrity and availability impact, up to unauthorized control over the device.
Mitigation guidance is available in the CISA ICS Advisory ICSA-25-044-18 at https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-18, with additional vendor contact information at https://www.dingtian-tech.com/en_us/aboutus.html?tab=contact_us. Security practitioners should consult these resources for patching or workaround details specific to the Dingtian DT-R0 Series.
Details
- CWE(s)