CVE-2018-25317

Name of the Vulnerable Software and Affected Versions Tenda W3002R/A302/W309R wireless routers version V5.07.64 en

Description Insufficient session validation allows unauthenticated attackers to modify DNS settings. By sending GET requests to the '/goform/AdvSetDns' endpoint using a crafted admin language cookie, an attacker can change the primary and secondary DNS servers to redirect user traffic to malicious servers.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.