Tenda FH303/A300 Firmware Session Weakness Vulnerability Allowing Unauthenticated DNS Modification
Vulnerability
A session weakness vulnerability has been identified in Tenda FH303/A300 firmware version 5.07.68_EN. This vulnerability allows unauthenticated attackers to modify DNS settings by exploiting inadequate cookie validation. Attackers can send GET requests to the /goform/AdvSetDns endpoint with a manipulated admin cookie to change DNS servers, potentially redirecting user traffic to malicious websites.
Impact
Exploitation of this vulnerability allows for unauthorized modification of DNS settings, causing affected systems to use foreign DNS servers typically controlled by cybercriminals. This can lead to redirection of users to malicious sites, replacement of ads on legitimate sites, disruption of access to important OS and software updates, and increased susceptibility to other malware infections.
Reproduction
To reproduce this vulnerability, send a GET request to the /goform/AdvSetDns endpoint. Include a crafted admin cookie that bypasses the cookie validation. The request can be made using a web browser or a tool like curl. Once the DNS settings are changed, the system will use the specified DNS servers, which can be set up to redirect traffic to malicious sites.
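For detection, requests to the endpoint described above can be hunted for in HTTP logs from a proxy or network sensor that sees traffic to the router. The following Python is an added example, not part of the original advisory; the log layout, IP addresses, query strings and the management-host allowlist are assumptions constructed for illustration.

```python
import posixpath
from urllib.parse import unquote

TARGET = "/goform/advsetdns"  # endpoint named in the advisory, lowercased

# Constructed sample records: "<time> <client> <server> <method> <uri>".
# The layout, addresses and query strings are invented for this example.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 192.168.0.10 192.168.0.1 GET /
2024-05-01T10:02:14Z 192.168.0.10 192.168.0.1 GET /goform/AdvSetDns?a=1
2024-05-01T10:07:40Z 192.168.0.77 192.168.0.1 GET /goform/AdvSetDns?a=1
2024-05-01T10:07:41Z 192.168.0.77 192.168.0.1 GET //goform/./%41dvSetDns?a=1
2024-05-01T10:09:03Z 192.168.0.77 192.168.0.9 GET /goform/AdvSetDns?a=1
truncated line
"""

def normalized_path(uri):
    """Drop the query, decode %XX once, collapse //, /./ and /../, lowercase."""
    path = unquote(uri.partition("?")[0])
    return posixpath.normpath("/" + path.lstrip("/")).lower()

def find_dns_change_requests(log_text, router_ip, admin_hosts):
    """Return one finding per request that reaches the DNS-setting endpoint."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed or truncated records
        ts, client, server, method, uri = fields
        if server != router_ip or normalized_path(uri) != TARGET:
            continue
        # Any hit deserves a look, because the cookie check cannot be trusted;
        # a client outside the management allowlist is the stronger signal.
        verdict = "review" if client in admin_hosts else "unexpected-client"
        findings.append((ts, client, method, verdict))
    return findings

if __name__ == "__main__":
    hits = find_dns_change_requests(SAMPLE_LOG, "192.168.0.1", {"192.168.0.10"})
    for finding in hits:
        print(*finding)
```

Each finding should be correlated with a planned configuration change and with the DNS servers the router is currently handing out to clients.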
