Description
Tenda FH303/A300 firmware V5.07.68_EN contains a session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient cookie validation. Attackers can send GET requests to the /goform/AdvSetDns endpoint with a crafted admin cookie to change DNS servers and redirect user traffic to malicious sites.
Published: 2026-04-29
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability in Tenda FH303/A300 firmware V5.07.68_EN allows an attacker to craft an admin cookie and send a GET request to the /goform/AdvSetDns endpoint, thereby modifying the router’s DNS server settings. This weakness arises from insufficient session cookie validation (CWE‑290), enabling plain‑text manipulation of critical router configuration. The result is that the victim’s entire network traffic can be redirected to malicious or phishing sites, compromising confidentiality, integrity, and potentially availability of the local network.

Affected Systems

Affected devices are Tenda FH303/A300 routers running firmware V5.07.68_EN. No other versions or build numbers are listed as impacted, so the risk applies specifically to routers with this exact firmware release.

Risk and Exploitability

The CVSS score of 9.3 classifies this issue as critical, and the EPSS score is not reported, while it is not listed in the CISA KEV catalog. Attackers can exploit the flaw without authentication by delivering a crafted cookie to an exposed web interface, suggesting a network‑based attack vector that requires only internet connectivity to the router. Successful exploitation can permanently alter DNS settings until the firmware is updated, thus making this vulnerability a high‑priority threat for affected users.

Generated by OpenCVE AI on April 30, 2026 at 13:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Replace the router firmware with the latest version provided by Tenda that addresses the weak session validation flaw. If a new firmware release is unavailable, contact Tenda support to confirm a pending fix.
  • If an immediate firmware update cannot be applied, block unauthenticated access to the /goform/AdvSetDns endpoint by configuring the router’s firewall or disabling remote management features that expose this interface.
  • After resolving the vulnerability, change the admin credentials to a strong, unique password and enable any available session‑security mechanisms such as HTTP‑only or secure cookie flags to reduce the risk of future cookie‑based attacks.

Generated by OpenCVE AI on April 30, 2026 at 13:57 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 30 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 30 Apr 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Tenda
Tenda fh303/a300
Vendors & Products Tenda
Tenda fh303/a300

Wed, 29 Apr 2026 20:00:00 +0000

Type Values Removed Values Added
Description Tenda FH303/A300 firmware V5.07.68_EN contains a session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient cookie validation. Attackers can send GET requests to the /goform/AdvSetDns endpoint with a crafted admin cookie to change DNS servers and redirect user traffic to malicious sites.
Title Tenda FH303/A300 V5.07.68_EN Cookie Session Weakness DNS Change
Weaknesses CWE-290
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Tenda Fh303/a300
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-30T15:22:22.014Z

Reserved: 2026-04-29T12:27:37.000Z

Link: CVE-2018-25318

cve-icon Vulnrichment

Updated: 2026-04-30T13:13:41.414Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-29T20:16:27.800

Modified: 2026-04-30T15:11:12.703

Link: CVE-2018-25318

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-30T14:00:22Z

Weaknesses