Critical severity9.8NVD Advisory· Published Apr 29, 2026· Updated May 4, 2026
CVE-2018-25318
CVE-2018-25318
Description
Tenda FH303/A300 firmware V5.07.68_EN contains a session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient cookie validation. Attackers can send GET requests to the /goform/AdvSetDns endpoint with a crafted admin cookie to change DNS servers and redirect user traffic to malicious sites.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- cpe:2.3:o:tenda:a300_firmware:5.07.68_en:*:*:*:*:*:*:*
- cpe:2.3:o:tenda:fh303_firmware:5.07.68_en:*:*:*:*:*:*:*
- Range: = 5.07.68_EN
Patches
Vulnerability mechanics
References
2- www.exploit-db.com/exploits/44381nvdExploitThird Party AdvisoryVDB Entry
- www.vulncheck.com/advisories/tenda-fh303-a300-68-en-cookie-session-weakness-dns-changenvdThird Party Advisory
News mentions
0No linked articles in our index yet.