Shenzhen C-Data Technology FD602GW-DX-R410 Router Authenticated CSRF Vulnerability Allowing Unauthorized Reboot

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the web management interface of the Shenzhen C-Data Technology FD602GW-DX-R410 fiber router, specifically in firmware version 2.2.14. The vulnerability resides in the reboot endpoint, which lacks proper CSRF protection. This flaw allows an attacker to create a malicious webpage that, when visited by an authenticated administrator, can trigger a reboot of the router without the user's consent. Such an action can disrupt network availability, leading to a denial-of-service condition.

Impact

Exploitation of this vulnerability causes the router to reboot immediately, disrupting network service for all connected users. This denial-of-service condition could potentially be combined with other vulnerabilities, such as session hijacking or cross-site scripting, to increase the overall impact.

Reproduction

To reproduce this vulnerability, an authenticated administrator must be lured into visiting a crafted webpage. This page should contain a form that automatically submits a POST request to the '/boaform/admin/formReboot' endpoint, including a 'postSecurityFlag' parameter. Once the router receives this request, it will reboot without any user confirmation.

Remediation

It is recommended to implement CSRF tokens and enforce strict Origin or Referer validation on all administrative endpoints. Additionally, sessions should be invalidated after use and secured with cookies, while access to the admin interface could be restricted to trusted IPs or internal networks.