CVE-2025-52357

Published: Jul 9, 2025

Modified: Jul 9, 2025

PUBLISHED

Description

Cross-Site Scripting (XSS) vulnerability exists in the ping diagnostic feature of FiberHome FD602GW-DX-R410 router (firmware V2.2.14), allowing an authenticated attacker to execute arbitrary JavaScript code in the context of the router s web interface. The vulnerability is triggered via user-supplied input in the ping form field, which fails to sanitize special characters. This can be exploited to hijack sessions or escalate privileges through social engineering or browser-based attacks.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/wrathfulDiety/fd602gw-dx-r410-xss-advisory/blob/main/README.md

https://github.com/wrathfulDiety/CVE-2025-52357

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-52357

Description

Affected Products

References