ГлавнаяУязвимости → CVE-2018-25317
9.8критическая

CVE-2018-25317

Описание

Tenda W3002R/A302/W309R wireless routers version V5.07.64_en contain a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. Attackers can send GET requests to the /goform/AdvSetDns endpoint with a crafted admin language cookie to change primary and secondary DNS servers, redirecting user traffic to malicious DNS servers.

Затрагиваемое ПО
Tenda W309r firmwareTenda W309rTenda A302 firmwareTenda A302Tenda W3002r firmwareTenda W3002r
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://www.exploit-db.com/exploits/44380https://www.vulncheck.com/advisories/tenda-w3002r-a302-w309r-64-en-cookie-session-weakness-dns-change