Description

In Shenzhen C-Data Technology Co. FD602GW-DX-R410 (firmware v2.2.14), the web management interface contains an authenticated CSRF vulnerability on the reboot endpoint (/boaform/admin/formReboot). An attacker can craft a malicious webpage that, when visited by an authenticated administrator, causes the router to reboot without explicit user consent. This lack of CSRF protection on a sensitive administrative function can lead to denial of service by disrupting network availability.

INFO

Published Date :

2025-09-23T00:00:00.000Z

Last Modified :

2025-10-28T20:15:50.999Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-56311 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-56311.

URL Resource
https://github.com/wrathfulDiety/CVE-2025-56311 cve-icon cve-icon
https://github.com/wrathfulDiety/fd602gw-dx-r410-csrf-advisory cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact