Hasanka Amarasinghe

2 exploits Active since Jul 2025

CVE-2025-52357 NOMISEC MEDIUM WRITEUP

FiberHome FD602GW-DX-R410 V2.2.14 - XSS

Cross-Site Scripting (XSS) vulnerability exists in the ping diagnostic feature of FiberHome FD602GW-DX-R410 router (firmware V2.2.14), allowing an authenticated attacker to execute arbitrary JavaScript code in the context of the router s web interface. The vulnerability is triggered via user-supplied input in the ping form field, which fails to sanitize special characters. This can be exploited to hijack sessions or escalate privileges through social engineering or browser-based attacks.

CVSS 4.1

View Code

CVE-2025-56311 NOMISEC MEDIUM WRITEUP

Shenzhen C-Data Technology Co. FD602GW-DX-R410 v2.2.14 - CSRF

In Shenzhen C-Data Technology Co. FD602GW-DX-R410 (firmware v2.2.14), the web management interface contains an authenticated CSRF vulnerability on the reboot endpoint (/boaform/admin/formReboot). An attacker can craft a malicious webpage that, when visited by an authenticated administrator, causes the router to reboot without explicit user consent. This lack of CSRF protection on a sensitive administrative function can lead to denial of service by disrupting network availability.

CVSS 6.5

View Code