CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-25317

Tenda W3002R/A302/W309R wireless routers version V5.07.64_en contain a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. Attackers can send GET requests to the /goform/AdvSetDns endpoint with a crafted admin language cookie to change primary and secondary DNS servers, redirecting user traffic to malicious DNS servers.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 36.5%

CVSS Severity

CVSS v3 Score 9.8

References

Products affected by CVE-2018-25317

Tenda » A302 » Version: N/A

cpe:2.3:h:tenda:a302:-
Tenda » W3002r » Version: N/A

cpe:2.3:h:tenda:w3002r:-
Tenda » W309r » Version: N/A

cpe:2.3:h:tenda:w309r:-
Tenda » A302 Firmware » Version: 5.07.64_en

cpe:2.3:o:tenda:a302_firmware:5.07.64_en
Tenda » W3002r Firmware » Version: 5.07.64_en

cpe:2.3:o:tenda:w3002r_firmware:5.07.64_en
Tenda » W309r Firmware » Version: 5.07.64_en

cpe:2.3:o:tenda:w309r_firmware:5.07.64_en

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-25317

Products

Pricing

Contact Us