Description
Tenda W3002R/A302/W309R wireless routers version V5.07.64_en contain a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. Attackers can send GET requests to the /goform/AdvSetDns endpoint with a crafted admin language cookie to change primary and secondary DNS servers, redirecting user traffic to malicious DNS servers.
Published: 2026-04-29
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability in Tenda W3002R/A302/W309R routers allows an attacker to modify the device's DNS configuration without authenticating. By sending a crafted GET request to the /goform/AdvSetDns endpoint that includes an admin‑language cookie, an attacker can set any primary or secondary DNS servers. This change can redirect all traffic from the router’s connected clients to malicious DNS servers, enabling phishing, traffic interception, or denial of service attacks.

Affected Systems

The affected devices are Tenda W3002R, A302 and W309R wireless routers running firmware version V5.07.64_en. No other firmware versions or models are listed as affected, so verification should focus on routers running the V5.07.64_en build.

Risk and Exploitability

The vulnerability has a CVSS score of 9.3, which is rated Critical. The EPSS score is not available, and the vulnerability is not currently listed in the CISA KEV catalog. Attackers can exploit the weakness remotely over the internet without needing any credentials, using only a crafted HTTP request. Because session validation is insufficient, the exploit requires only a simple GET payload and does not rely on complex prerequisites.

Generated by OpenCVE AI on April 30, 2026 at 03:47 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware update that fixes the session validation flaw.
  • Restrict web interface access to trusted IP addresses or disable remote management.
  • Configure the router to use hard‑coded, trusted DNS servers that cannot be altered without a firmware update.
  • Enable logging of DNS changes and monitor for unauthorized modifications.



Advisories

No advisories yet.

History

Thu, 30 Apr 2026 14:15:00 +0000

Changes (no values removed; values added per type):

  • Metrics: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 30 Apr 2026 08:45:00 +0000

Changes (no values removed; values added per type):

  • First Time appeared: Tenda; Tenda w3002r
  • Vendors & Products: Tenda; Tenda w3002r

Wed, 29 Apr 2026 20:00:00 +0000

Changes (no values removed; values added per type):

  • Description: Tenda W3002R/A302/W309R wireless routers version V5.07.64_en contain a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. Attackers can send GET requests to the /goform/AdvSetDns endpoint with a crafted admin language cookie to change primary and secondary DNS servers, redirecting user traffic to malicious DNS servers.
  • Title: Tenda W3002R/A302/W309R V5.07.64_en Cookie Session Weakness DNS Change
  • Weaknesses: CWE-290
  • References
  • Metrics: cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}
  • Metrics: cvssV4_0 {'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-30T14:11:11.561Z

Reserved: 2026-04-29T12:27:08.662Z

Link: CVE-2018-25317

Vulnrichment

Updated: 2026-04-30T14:10:50.286Z

NVD

Status: Awaiting Analysis

Published: 2026-04-29T20:16:27.663

Modified: 2026-04-30T15:11:12.703

Link: CVE-2018-25317

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T08:20:34Z

Weaknesses