A critical session validation vulnerability in Tenda wireless routers allows unauthenticated remote attackers to modify DNS settings and redirect user traffic.

The device fails to properly validate administrative session cookies, allowing an unauthenticated attacker to send requests to the DNS configuration endpoint and redirect traffic to malicious servers.

With a CVSS score of 9.8, this flaw allows for large-scale man-in-the-middle attacks. Attackers can redirect all traffic from the affected network to malicious sites, facilitating credential harvesting, malware delivery, and data exfiltration.

Immediate Action: Update the device firmware to the latest available version provided by the manufacturer.

Proactive Monitoring: Check router DNS settings periodically for unauthorized changes and monitor traffic for suspicious redirects.

Compensating Controls: If a patch is unavailable, disable remote management and restrict access to the administrative interface to local, trusted devices only.

Public Exploit Available: Unknown

This legacy vulnerability remains a significant risk for affected hardware. Administrators should prioritize upgrading the firmware or replacing the affected hardware if a patch is not available.