CVE-2018-25316: Tenda W308R v2 V5.07.48 Cookie Session Weakness DNS Change
Tenda W308R v2 V5.07.48 contains a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. Attackers can send GET requests to the goform/AdvSetDns endpoint with a crafted admin language cookie to change DNS servers and redirect user traffic to malicious sites.
Security readout for executives and security teams
Plain-English summary
This issue lets an unauthenticated attacker change DNS settings on a Tenda W308R v2 router running firmware V5.07.48. If successful, users behind the router could be silently redirected to attacker-controlled destinations, enabling credential theft, traffic interception, or outage. The bundle does not identify a vendor patch.
Executive priority
Treat as urgent for any confirmed W308R v2 V5.07.48 device. DNS control can redirect business traffic and users without endpoint compromise. Prioritize isolation, configuration review, and vendor remediation confirmation.
Technical view
CVE-2018-25316 is a CWE-290 authentication/session validation weakness in Tenda W308R v2 V5.07.48. The described impact is unauthorized DNS configuration change through insufficient session validation around the router DNS configuration function. CVSS 3.1 is 9.8 with network, low-complexity, unauthenticated exploitation characteristics.
Likely exposure
Exposure is limited to Tenda W308R v2 devices on firmware V5.07.48, especially where the router management interface is reachable from untrusted networks. The source bundle does not prove other Tenda models, versions, or firmware branches are affected.
Exploitation context
A public ExploitDB reference is listed, indicating public exploit information exists. The bundle marks CISA KEV status as false and provides no cited evidence of active exploitation in the wild.
Researcher notes
The record is source-thin: affected scope is specific, duplicate affected entries appear in the bundle, and no patch is named. Do not generalize beyond W308R v2 V5.07.48 without vendor or firmware evidence.
Mitigation direction
Check Tenda guidance for fixed firmware or replacement direction.
Remove management access from the public internet immediately.
Restrict router administration to trusted internal networks only.
Verify DNS settings and reset unauthorized resolver changes.
Replace affected devices if no vendor-supported fix exists.
Validation and detection
Inventory Tenda W308R v2 routers and confirm firmware version.
Check whether administrative interfaces are reachable from untrusted networks.
Review configured DNS resolvers for unauthorized changes.
Monitor DNS traffic for unexpected resolver destinations.
Track vendor and CVE records for patch or advisory updates.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · low confidence lookup
CWE-290: Exact CWE lookup
Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
2CVSS vectors
3Timeline events
1ADP providers
3Source links
SSVC decision data
CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: pocAutomatable: yesTechnical Impact: total
CVSS vector scores
2 official scores
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
CWE-290 · source CWE mapping
Authentication Bypass by Spoofing
Authentication Bypass by Spoofing represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.