CVE-2018-25317

Tenda W3002R/A302/W309R wireless routers running firmware version V5.07.64_en contain a cookie session weakness that allows unauthenticated attackers to modify DNS settings because session validation is insufficient. Attackers can send GET requests to the /goform/AdvSetDns endpoint with a crafted admin language cookie to change the primary and secondary DNS servers, redirecting user traffic to malicious DNS servers.

Configurations

Configuration 1

AND
cpe:2.3:o:tenda:w309r_firmware:5.07.64_en:*:*:*:*:*:*:*
cpe:2.3:h:tenda:w309r:-:*:*:*:*:*:*:*

Configuration 2

AND
cpe:2.3:o:tenda:a302_firmware:5.07.64_en:*:*:*:*:*:*:*
cpe:2.3:h:tenda:a302:-:*:*:*:*:*:*:*

Configuration 3

AND
cpe:2.3:o:tenda:w3002r_firmware:5.07.64_en:*:*:*:*:*:*:*
cpe:2.3:h:tenda:w3002r:-:*:*:*:*:*:*:*

History

05 May 2026, 02:46

Type: References
Values Removed: () https://www.exploit-db.com/exploits/44380 -
Values Added: () https://www.exploit-db.com/exploits/44380 - Exploit, Third Party Advisory, VDB Entry

Type: References
Values Removed: () https://www.vulncheck.com/advisories/tenda-w3002r-a302-w309r-64-en-cookie-session-weakness-dns-change -
Values Added: () https://www.vulncheck.com/advisories/tenda-w3002r-a302-w309r-64-en-cookie-session-weakness-dns-change - Third Party Advisory

Type: CPE
Values Added:
cpe:2.3:h:tenda:w309r:-:*:*:*:*:*:*:*
cpe:2.3:o:tenda:w309r_firmware:5.07.64_en:*:*:*:*:*:*:*
cpe:2.3:o:tenda:a302_firmware:5.07.64_en:*:*:*:*:*:*:*
cpe:2.3:h:tenda:a302:-:*:*:*:*:*:*:*
cpe:2.3:o:tenda:w3002r_firmware:5.07.64_en:*:*:*:*:*:*:*
cpe:2.3:h:tenda:w3002r:-:*:*:*:*:*:*:*

Type: First Time
Values Added:
Tenda w3002r
Tenda w3002r Firmware
Tenda
Tenda w309r
Tenda w309r Firmware
Tenda a302
Tenda a302 Firmware

30 Apr 2026, 15:11

Type Values Removed Values Added
New CVE

Information

Published : 2026-04-29 20:16

Updated : 2026-06-17 01:55


NVD link : CVE-2018-25317

Mitre link : CVE-2018-25317

CVE.ORG link : CVE-2018-25317



Products Affected

tenda

  • a302
  • a302_firmware
  • w3002r_firmware
  • w3002r
  • w309r
  • w309r_firmware

CWE

CWE-290: Authentication Bypass by Spoofing