Filtered by vendor Tenda
Subscriptions
Filtered by product A302
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-25317 | 1 Tenda | 6 A302, A302 Firmware, W3002r and 3 more | 2026-05-05 | 9.8 Critical |
| Tenda W3002R/A302/W309R wireless routers version V5.07.64_en contain a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. Attackers can send GET requests to the /goform/AdvSetDns endpoint with a crafted admin language cookie to change primary and secondary DNS servers, redirecting user traffic to malicious DNS servers. | ||||
Page 1 of 1.