A critical session validation vulnerability in Tenda W308R v2 routers allows unauthenticated attackers to modify DNS settings and intercept network traffic.

Insufficient validation of administrative cookies allows unauthenticated users to access the '/goform/AdvSetDns' endpoint and change DNS server configurations.

The CVSS score of 9.8 highlights the severity of this issue, as it permits attackers to perform transparent traffic interception. This can lead to the theft of sensitive data and the deployment of malicious payloads to all connected clients on the network.

Immediate Action: Update the router firmware to the most recent version available from the vendor.

Proactive Monitoring: Regularly audit the router configuration for unauthorized DNS changes and monitor logs for unusual access to management endpoints.

Compensating Controls: Disable remote administrative access and ensure that only authorized devices are connected to the network management segment.

Public Exploit Available: Unknown

This vulnerability requires immediate attention for any active deployments. Given the potential for traffic redirection, verifying the integrity of the current DNS settings is a critical first step.