Description
Tenda W308R v2 V5.07.48 contains a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. Attackers can send GET requests to the goform/AdvSetDns endpoint with a crafted admin language cookie to change DNS servers and redirect user traffic to malicious sites.
Published: 2026-04-29
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a cookie session weakness that allows an attacker to send GET requests containing a crafted admin language cookie to the goform/AdvSetDns endpoint. An unauthenticated user can change the DNS servers on the device, redirecting all user traffic to malicious sites. The flaw lies in insufficient session validation, which is identified as CWE-290.

Affected Systems

The affected product is the Tenda W308R v2 router with firmware version 5.07.48. This firmware update exposes the cookie session weakness and can be deployed on Tenda R and W series routers.

Risk and Exploitability

With a CVSS score of 9.3, the vulnerability is considered critical. The EPSS score is not available, and it is not listed in the CISA KEV catalog. The attack vector is unauthenticated over HTTP, requiring only the ability to send crafted GET requests to the device, making it highly exploitable once the device is reachable.

Generated by OpenCVE AI on April 30, 2026 at 03:47 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware update for the Tenda W308R v2 that addresses the cookie session validation flaw.
  • Disable external web management of the router, allowing the admin interface only from the local network or a trusted gateway.
  • Configure the router to use secure authentication mechanisms and enforce strict cookie validation for all administrative sessions.

Advisories

No advisories yet.

History

Thu, 30 Apr 2026 13:15:00 +0000

Type: Metrics
Values Removed: (none)
Values Added: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 30 Apr 2026 08:45:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Tenda; Tenda w308r

Type: Vendors & Products
Values Removed: (none)
Values Added: Tenda; Tenda w308r

Wed, 29 Apr 2026 20:00:00 +0000

Type: Description
Values Removed: (none)
Values Added: Tenda W308R v2 V5.07.48 contains a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. Attackers can send GET requests to the goform/AdvSetDns endpoint with a crafted admin language cookie to change DNS servers and redirect user traffic to malicious sites.

Type: Title
Values Removed: (none)
Values Added: Tenda W308R v2 V5.07.48 Cookie Session Weakness DNS Change

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-290

Type: References
Values Removed: (none)
Values Added:

Type: Metrics
Values Removed: (none)
Values Added:
  cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}
  cvssV4_0 {'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-30T12:39:23.647Z

Reserved: 2026-04-29T12:26:39.586Z

Link: CVE-2018-25316

Vulnrichment

Updated: 2026-04-30T12:39:12.792Z

NVD

Status: Awaiting Analysis

Published: 2026-04-29T20:16:27.503

Modified: 2026-04-30T15:11:12.703

Link: CVE-2018-25316

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T08:20:36Z

Weaknesses