CVE-2025-56311
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-23

Last updated on: 2025-10-28

Assigner: MITRE

Description
In Shenzhen C-Data Technology Co. FD602GW-DX-R410 (firmware v2.2.14), the web management interface contains an authenticated CSRF vulnerability on the reboot endpoint (/boaform/admin/formReboot). An attacker can craft a malicious webpage that, when visited by an authenticated administrator, causes the router to reboot without explicit user consent. This lack of CSRF protection on a sensitive administrative function can lead to denial of service by disrupting network availability.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-23
Last Modified
2025-10-28
Generated
2026-06-16
AI Q&A
2025-09-23
EPSS Evaluated
2026-06-15
NVD
CVE-2025-56311
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
shenzhen_c-data_technology fd602gw-dx-r410 2.2.14
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-352 The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an authenticated Cross-Site Request Forgery (CSRF) in the web management interface of the Shenzhen C-Data Technology Co. FD602GW-DX-R410 router (firmware v2.2.14). Specifically, the reboot endpoint lacks CSRF protection, allowing an attacker to create a malicious webpage that, when visited by an authenticated administrator, triggers the router to reboot without the administrator's consent.

Impact Analysis

The vulnerability can lead to denial of service by causing the router to reboot unexpectedly, disrupting network availability and potentially interrupting business operations or internet connectivity.

Mitigation Strategies

To mitigate this vulnerability, avoid visiting untrusted or suspicious webpages while logged into the router's web management interface. Additionally, consider restricting administrative access to trusted networks and users only. If possible, update the firmware to a version that addresses this CSRF vulnerability once available.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-56311. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart