CVE-2025-56311

Published: Sep 23, 2025

Modified: Oct 28, 2025

PUBLISHED

Description

In Shenzhen C-Data Technology Co. FD602GW-DX-R410 (firmware v2.2.14), the web management interface contains an authenticated CSRF vulnerability on the reboot endpoint (/boaform/admin/formReboot). An attacker can craft a malicious webpage that, when visited by an authenticated administrator, causes the router to reboot without explicit user consent. This lack of CSRF protection on a sensitive administrative function can lead to denial of service by disrupting network availability.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/wrathfulDiety/fd602gw-dx-r410-csrf-advisory

https://github.com/wrathfulDiety/CVE-2025-56311

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-56311

Description

Affected Products

References