CVE-2018-25316

CriticalPublic PoC

Published: 29 April 2026

Published

29 April 2026

Modified

04 May 2026

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0016 36.6th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

Tenda W308R v2 V5.07.48 contains a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. Attackers can send GET requests to the goform/AdvSetDns endpoint with a crafted admin language cookie to change…

DNS servers and redirect user traffic to malicious sites.

Mitigating Controls (NIST 800-53 r5)AI

SC-23 Session Authenticity good match

prevent

Directly addresses the cookie session weakness by requiring protection of the authenticity of communications sessions to prevent unauthenticated modification of DNS settings via crafted cookies.

AC-3 Access Enforcement good match

prevent

Enforces approved authorizations for access to system resources like the DNS configuration endpoint, mitigating insufficient session validation that allows unauthenticated changes.

SI-10 Information Input Validation partial match

prevent

Validates inputs such as the crafted admin language cookie sent to the goform/AdvSetDns endpoint to block unauthorized DNS server modifications.

Security SummaryAI

CVE-2018-25316 is a cookie session weakness vulnerability affecting the Tenda W308R v2 router on firmware version V5.07.48. The flaw arises from insufficient session validation, enabling unauthenticated attackers to modify DNS settings via crafted requests. It is classified under CWE-290 and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical due to its high impact on confidentiality, integrity, and availability.

Unauthenticated remote attackers can exploit this vulnerability by sending GET requests to the /goform/AdvSetDns endpoint with a specially crafted "admin language" cookie. Successful exploitation allows attackers to alter the device's DNS server configurations, redirecting user traffic to malicious sites for purposes such as phishing or further compromise.

Advisories and proof-of-concept exploits are documented in key references, including Exploit-DB at https://www.exploit-db.com/exploits/44373 and a Vulncheck advisory at https://www.vulncheck.com/advisories/tenda-w308r-v2-cookie-session-weakness-dns-change. Security practitioners should review these sources for detailed reproduction steps and any vendor-recommended mitigations.

Details

CWE(s): CWE-290

Affected Products

tenda

w308r firmware

5.07.48

References

https://www.exploit-db.com/exploits/44373
Exploit, Third Party Advisory, VDB Entry · disclosure@vulncheck.com
https://www.vulncheck.com/advisories/tenda-w308r-v2-cookie-session-weakness-dns-change
Third Party Advisory · disclosure@vulncheck.com