Cross-Site Scripting Vulnerability in FiberHome FD602GW-DX-R410 Router
CVE-2025-52357

4.1 MEDIUM

Key Information:

Vendor: FiberHome
CVE Published: 9 July 2025

What is CVE-2025-52357?

A cross-site scripting vulnerability exists in the ping diagnostic feature of the FiberHome FD602GW-DX-R410 router (firmware V2.2.14). An attacker with authenticated access can exploit this weakness by sending malicious user input in the ping form field, which does not properly sanitize special characters. This can lead to the execution of arbitrary JavaScript code within the router's web interface. Consequently, this may allow the attacker to hijack user sessions or escalate privileges through various methods, including social engineering or browser-based attacks.
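The fix class for this kind of flaw is allowlist validation of the ping target plus output encoding wherever the value is written back into a page. The sketch below is an added example, not FiberHome firmware code; the function names and markup are hypothetical, and it accepts only IPv4 addresses and hostnames (IPv6 is left out to keep it short).

```javascript
// Added example: hypothetical server-side checks for a ping diagnostic form.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode a value for an HTML text node or a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Dotted-quad IPv4, each octet 0-255, no leading zeros.
function isIPv4(s) {
  const parts = s.split('.');
  if (parts.length !== 4) return false;
  return parts.every((p) => /^(0|[1-9]\d{0,2})$/.test(p) && Number(p) <= 255);
}

// RFC 1123 style hostname: letters, digits and inner hyphens per label.
function isHostname(s) {
  if (s.length > 253) return false;
  const labels = s.split('.');
  // An all-numeric last label means a malformed IPv4 address, not a name.
  if (/^\d+$/.test(labels[labels.length - 1])) return false;
  return labels.every((l) => /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/i.test(l));
}

// Allowlist check: anything that is not an address or hostname is rejected,
// so markup characters never reach the ping command or the result page.
function validatePingTarget(raw) {
  if (typeof raw !== 'string') return { ok: false, reason: 'not a string' };
  const target = raw.trim();
  if (target.length === 0) return { ok: false, reason: 'empty' };
  if (isIPv4(target) || isHostname(target)) return { ok: true, target };
  return { ok: false, reason: 'not an IPv4 address or hostname' };
}

// Every reflected value is encoded, including the rejected input in the
// error message, which is where an unsanitized field is typically echoed.
function renderPingResult(raw) {
  const check = validatePingTarget(raw);
  if (!check.ok) {
    return `<p class="error">Invalid ping target: ${escapeHtml(raw)}</p>`;
  }
  return `<p>Pinging ${escapeHtml(check.target)} ...</p>`;
}
```

Validation and encoding are applied together on purpose: the allowlist keeps bad input out of the diagnostic itself, and the encoding covers any path where the raw value is still displayed.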

CVSS V3.1

Score: 4.1
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
