top of page
perceptive_background_267k.jpg

Tenda FH303/A300 firmware V5.07.68_EN contains a session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insuf…

Published:

28 April 2026 at 22:00:00

Alert date:

29 April 2026 at 21:06:00

Source:

nvd.nist.gov

Click to open the original link from this advisory

Network Infrastructure, Mobile & IoT

CVE-2018-25318 affects Tenda FH303/A300 firmware V5.07.68_EN with a session weakness vulnerability. The flaw allows unauthenticated attackers to modify DNS settings through insufficient cookie validation. Attackers can exploit the /goform/AdvSetDns endpoint by sending GET requests with crafted admin cookies. This vulnerability enables DNS hijacking attacks to redirect user traffic to malicious sites. The weakness stems from inadequate session management and authentication controls in the router firmware.

Technical details

Mitigation steps:

Affected products:

Tenda FH303
Tenda A300

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2018-25318
https://www.exploit-db.com/exploits/44381
https://www.vulncheck.com/advisories/tenda-fh303-a300-68-en-cookie-session-weakness-dns-change

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page