CVE-2025-52357 is a Cross-Site Scripting (XSS) vulnerability identified in the ping diagnostic feature of the FiberHome FD602GW-DX-R410 router running firmware version V2.2.14. This vulnerability arises because the router's web interface fails to properly sanitize user input in the ping form field, allowing an authenticated attacker to inject arbitrary JavaScript code. The vulnerability requires the attacker to have authenticated access to the router's web interface, which typically means they must have valid credentials or have gained access through other means such as default passwords or network compromise. Once exploited, the attacker can execute malicious scripts within the context of the router’s web interface. This can lead to session hijacking, where the attacker steals the session tokens of legitimate users, or privilege escalation by tricking users into performing unintended actions via social engineering or browser-based attacks. The vulnerability is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation), a common category for XSS issues. The CVSS v3.1 base score is 4.1, indicating a medium severity level. The vector string (AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L) shows that the attack can be performed remotely over the network with low attack complexity, requires privileges (authenticated user), and user interaction (UI:R). The scope is changed (S:C), meaning the vulnerability affects resources beyond the initially vulnerable component. The impact affects availability (A:L) but not confidentiality or integrity directly. No known exploits are reported in the wild yet, and no patches are currently linked, indicating that organizations should prioritize mitigation to prevent exploitation. The vulnerability specifically targets the FiberHome FD602GW-DX-R410 router, a device commonly used in broadband and fiber-optic network deployments, especially in regions where FiberHome products have market presence.

For European organizations, the impact of this vulnerability can be significant depending on the deployment scale of FiberHome FD602GW-DX-R410 routers. Exploitation could allow attackers to hijack sessions of network administrators or users managing the router, potentially leading to unauthorized changes in network configurations or denial of service by disrupting router availability. Although the vulnerability does not directly compromise confidentiality or integrity of data, the ability to execute arbitrary scripts within the router’s management interface can facilitate further attacks such as credential theft or lateral movement within the network. This is particularly concerning for critical infrastructure providers, ISPs, and enterprises relying on these routers for fiber-optic broadband connectivity. The requirement for authentication and user interaction somewhat limits the attack surface but does not eliminate risk, especially in environments where credential hygiene is poor or social engineering is effective. The changed scope indicates that the vulnerability could affect other components or services linked to the router’s web interface, potentially amplifying the impact. Given the medium severity and the lack of known exploits, the threat is moderate but warrants proactive mitigation to prevent exploitation and maintain network stability and security.

1. Immediate mitigation should focus on restricting access to the router’s web interface to trusted administrators only, ideally through network segmentation and firewall rules limiting management access to secure internal networks or VPNs. 2. Enforce strong authentication mechanisms, including changing default credentials and implementing multi-factor authentication (MFA) if supported by the router. 3. Monitor and audit router access logs for unusual login attempts or suspicious activity indicative of attempted exploitation. 4. Educate administrators and users about the risks of social engineering and the importance of not interacting with suspicious links or scripts that could trigger exploitation. 5. Since no official patch is currently available, consider deploying web application firewalls (WAFs) or intrusion prevention systems (IPS) capable of detecting and blocking XSS payloads targeting the router’s management interface. 6. Engage with FiberHome support or vendors to request firmware updates or patches addressing this vulnerability and plan for timely deployment once available. 7. For environments where the router is critical, consider temporary replacement or additional network controls until a patch is released. 8. Regularly review and update router firmware and configurations to minimize exposure to known vulnerabilities.