This vulnerability exists in widely deployed consumer Tenda wireless routers. Unauthenticated attackers can exploit insufficient session validation by sending a crafted admin language cookie with GET requests to the /goform/AdvSetDns endpoint. Successful exploitation allows attackers to modify DNS settings and redirect all user traffic from the affected router to malicious DNS servers.
Remediation
Install the latest available firmware update from Tenda for all affected router models. If no official patch is available, disable remote management of the router and restrict admin interface access to trusted local networks only. Monitor DNS configuration for unapproved changes.
TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.