Hasanka Amarasinghe

**Name of the Vulnerable Software and Affected Versions:** FiberHome FD602GW-DX-R410 router version V2.2.14 **Description:** A Cross-Site Scripting (XSS) issue exists in the ping diagnostic feature. An authenticated attacker can execute arbitrary JavaScript code within the router’s web interface. The issue is triggered by unsanitized user-supplied input in the ping form field, potentially leading to session hijacking or privilege escalation through social engineering or browser-based attacks. **Recommendations:** Update to a newer version that contains a fix for this issue.