CVE-2018-25318
CVE-2018-25318 affects Tenda FH303/A300 firmware V5.07.68_EN. The issue is a session weakness that lets unauthenticated attackers modify DNS settings by exploiting insufficient cookie validation. Attackers can issue GET requests to /goform/AdvSetDns with a crafted admin cookie to change DNS serve...