CVE-2025-52357: n/a
Cross-Site Scripting (XSS) vulnerability exists in the ping diagnostic feature of FiberHome FD602GW-DX-R410 router (firmware V2.2.14), allowing an authenticated attacker to execute arbitrary JavaScript code in the context of the router s web interface. The vulnerability is triggered via user-supplied input in the ping form field, which fails to sanitize special characters. This can be exploited to hijack sessions or escalate privileges through social engineering or browser-based attacks.
AI Analysis
Technical Summary
CVE-2025-52357 is a Cross-Site Scripting (XSS) vulnerability identified in the ping diagnostic feature of the FiberHome FD602GW-DX-R410 router running firmware version V2.2.14. This vulnerability arises because the router's web interface fails to properly sanitize user input in the ping form field, allowing an authenticated attacker to inject arbitrary JavaScript code. The vulnerability requires the attacker to have authenticated access to the router's web interface, which typically means they must have valid credentials or have gained access through other means such as default passwords or network compromise. Once exploited, the attacker can execute malicious scripts within the context of the router’s web interface. This can lead to session hijacking, where the attacker steals the session tokens of legitimate users, or privilege escalation by tricking users into performing unintended actions via social engineering or browser-based attacks. The vulnerability is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation), a common category for XSS issues. The CVSS v3.1 base score is 4.1, indicating a medium severity level. The vector string (AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L) shows that the attack can be performed remotely over the network with low attack complexity, requires privileges (authenticated user), and user interaction (UI:R). The scope is changed (S:C), meaning the vulnerability affects resources beyond the initially vulnerable component. The impact affects availability (A:L) but not confidentiality or integrity directly. No known exploits are reported in the wild yet, and no patches are currently linked, indicating that organizations should prioritize mitigation to prevent exploitation. The vulnerability specifically targets the FiberHome FD602GW-DX-R410 router, a device commonly used in broadband and fiber-optic network deployments, especially in regions where FiberHome products have market presence.
Potential Impact
For European organizations, the impact of this vulnerability can be significant depending on the deployment scale of FiberHome FD602GW-DX-R410 routers. Exploitation could allow attackers to hijack sessions of network administrators or users managing the router, potentially leading to unauthorized changes in network configurations or denial of service by disrupting router availability. Although the vulnerability does not directly compromise confidentiality or integrity of data, the ability to execute arbitrary scripts within the router’s management interface can facilitate further attacks such as credential theft or lateral movement within the network. This is particularly concerning for critical infrastructure providers, ISPs, and enterprises relying on these routers for fiber-optic broadband connectivity. The requirement for authentication and user interaction somewhat limits the attack surface but does not eliminate risk, especially in environments where credential hygiene is poor or social engineering is effective. The changed scope indicates that the vulnerability could affect other components or services linked to the router’s web interface, potentially amplifying the impact. Given the medium severity and the lack of known exploits, the threat is moderate but warrants proactive mitigation to prevent exploitation and maintain network stability and security.
Mitigation Recommendations
1. Immediate mitigation should focus on restricting access to the router’s web interface to trusted administrators only, ideally through network segmentation and firewall rules limiting management access to secure internal networks or VPNs. 2. Enforce strong authentication mechanisms, including changing default credentials and implementing multi-factor authentication (MFA) if supported by the router. 3. Monitor and audit router access logs for unusual login attempts or suspicious activity indicative of attempted exploitation. 4. Educate administrators and users about the risks of social engineering and the importance of not interacting with suspicious links or scripts that could trigger exploitation. 5. Since no official patch is currently available, consider deploying web application firewalls (WAFs) or intrusion prevention systems (IPS) capable of detecting and blocking XSS payloads targeting the router’s management interface. 6. Engage with FiberHome support or vendors to request firmware updates or patches addressing this vulnerability and plan for timely deployment once available. 7. For environments where the router is critical, consider temporary replacement or additional network controls until a patch is released. 8. Regularly review and update router firmware and configurations to minimize exposure to known vulnerabilities.
Affected Countries
Germany, France, Italy, Spain, United Kingdom, Netherlands, Poland
CVE-2025-52357: n/a
Description
Cross-Site Scripting (XSS) vulnerability exists in the ping diagnostic feature of FiberHome FD602GW-DX-R410 router (firmware V2.2.14), allowing an authenticated attacker to execute arbitrary JavaScript code in the context of the router s web interface. The vulnerability is triggered via user-supplied input in the ping form field, which fails to sanitize special characters. This can be exploited to hijack sessions or escalate privileges through social engineering or browser-based attacks.
AI-Powered Analysis
Technical Analysis
CVE-2025-52357 is a Cross-Site Scripting (XSS) vulnerability identified in the ping diagnostic feature of the FiberHome FD602GW-DX-R410 router running firmware version V2.2.14. This vulnerability arises because the router's web interface fails to properly sanitize user input in the ping form field, allowing an authenticated attacker to inject arbitrary JavaScript code. The vulnerability requires the attacker to have authenticated access to the router's web interface, which typically means they must have valid credentials or have gained access through other means such as default passwords or network compromise. Once exploited, the attacker can execute malicious scripts within the context of the router’s web interface. This can lead to session hijacking, where the attacker steals the session tokens of legitimate users, or privilege escalation by tricking users into performing unintended actions via social engineering or browser-based attacks. The vulnerability is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation), a common category for XSS issues. The CVSS v3.1 base score is 4.1, indicating a medium severity level. The vector string (AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L) shows that the attack can be performed remotely over the network with low attack complexity, requires privileges (authenticated user), and user interaction (UI:R). The scope is changed (S:C), meaning the vulnerability affects resources beyond the initially vulnerable component. The impact affects availability (A:L) but not confidentiality or integrity directly. No known exploits are reported in the wild yet, and no patches are currently linked, indicating that organizations should prioritize mitigation to prevent exploitation. The vulnerability specifically targets the FiberHome FD602GW-DX-R410 router, a device commonly used in broadband and fiber-optic network deployments, especially in regions where FiberHome products have market presence.
Potential Impact
For European organizations, the impact of this vulnerability can be significant depending on the deployment scale of FiberHome FD602GW-DX-R410 routers. Exploitation could allow attackers to hijack sessions of network administrators or users managing the router, potentially leading to unauthorized changes in network configurations or denial of service by disrupting router availability. Although the vulnerability does not directly compromise confidentiality or integrity of data, the ability to execute arbitrary scripts within the router’s management interface can facilitate further attacks such as credential theft or lateral movement within the network. This is particularly concerning for critical infrastructure providers, ISPs, and enterprises relying on these routers for fiber-optic broadband connectivity. The requirement for authentication and user interaction somewhat limits the attack surface but does not eliminate risk, especially in environments where credential hygiene is poor or social engineering is effective. The changed scope indicates that the vulnerability could affect other components or services linked to the router’s web interface, potentially amplifying the impact. Given the medium severity and the lack of known exploits, the threat is moderate but warrants proactive mitigation to prevent exploitation and maintain network stability and security.
Mitigation Recommendations
1. Immediate mitigation should focus on restricting access to the router’s web interface to trusted administrators only, ideally through network segmentation and firewall rules limiting management access to secure internal networks or VPNs. 2. Enforce strong authentication mechanisms, including changing default credentials and implementing multi-factor authentication (MFA) if supported by the router. 3. Monitor and audit router access logs for unusual login attempts or suspicious activity indicative of attempted exploitation. 4. Educate administrators and users about the risks of social engineering and the importance of not interacting with suspicious links or scripts that could trigger exploitation. 5. Since no official patch is currently available, consider deploying web application firewalls (WAFs) or intrusion prevention systems (IPS) capable of detecting and blocking XSS payloads targeting the router’s management interface. 6. Engage with FiberHome support or vendors to request firmware updates or patches addressing this vulnerability and plan for timely deployment once available. 7. For environments where the router is critical, consider temporary replacement or additional network controls until a patch is released. 8. Regularly review and update router firmware and configurations to minimize exposure to known vulnerabilities.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- mitre
- Date Reserved
- 2025-06-16T00:00:00.000Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 686ed198a83201eaac9f3b30
Added to database: 7/9/2025, 8:31:20 PM
Last enriched: 7/9/2025, 8:32:11 PM
Last updated: 8/14/2025, 12:32:15 PM
Views: 22
Related Threats
CVE-2025-9016: Uncontrolled Search Path in Mechrevo Control Center GX V2
HighCVE-2025-8451: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in wpdevteam Essential Addons for Elementor – Popular Elementor Templates & Widgets
MediumCVE-2025-8013: CWE-918 Server-Side Request Forgery (SSRF) in quttera Quttera Web Malware Scanner
LowCVE-2025-6679: CWE-434 Unrestricted Upload of File with Dangerous Type in bitpressadmin Bit Form – Custom Contact Form, Multi Step, Conversational, Payment & Quiz Form builder
CriticalCVE-2025-9013: SQL Injection in PHPGurukul Online Shopping Portal Project
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.