CVE-2025-56311

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Shenzhen C-Data Technology Co. FD602GW-DX-R410 firmware version 2.2.14

Description The web management interface contains an authenticated Cross-Site Request Forgery (CSRF) issue on the reboot endpoint (/boaform/admin/formReboot). An attacker can create a malicious webpage that, when accessed by an authenticated administrator, causes the router to reboot without the user’s knowledge. This can result in a denial of service by disrupting network availability.

Recommendations Apply a firmware update that addresses the CSRF protection on the reboot endpoint.

Exploit

Fix

DoS

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2025-56311

Affected Products

Fd602Gw-Dx-R410

CVE-2025-56311

Weakness Enumeration

Related Identifiers

Affected Products

References · 7