Security Advisory

CVE-2018-25316

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-29 19:24:44

Last updated 2026-05-28 14:52:10

Assigner VulnCheck

State PUBLISHED

Description

Tenda W308R v2 V5.07.48 contains a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. Attackers can send GET requests to the goform/AdvSetDns endpoint with a crafted admin language cookie to change DNS servers and redirect user traffic to malicious sites.

← Browse all CVEs View on cve.org ↗