CVE-2025-56311
BaseFortify
Publication date: 2025-09-23
Last updated on: 2025-10-28
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| shenzhen_c-data_technology | fd602gw-dx-r410 | 2.2.14 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an authenticated Cross-Site Request Forgery (CSRF) in the web management interface of the Shenzhen C-Data Technology Co. FD602GW-DX-R410 router (firmware v2.2.14). Specifically, the reboot endpoint lacks CSRF protection, allowing an attacker to create a malicious webpage that, when visited by an authenticated administrator, triggers the router to reboot without the administrator's consent.
How can this vulnerability impact me?
The vulnerability can lead to denial of service by causing the router to reboot unexpectedly, disrupting network availability and potentially interrupting business operations or internet connectivity.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, avoid visiting untrusted or suspicious webpages while logged into the router's web management interface. Additionally, consider restricting administrative access to trusted networks and users only. If possible, update the firmware to a version that addresses this CSRF vulnerability once available.