A critical session vulnerability in Tenda FH303/A300 routers allows unauthenticated remote attackers to modify DNS settings and redirect network traffic.

The device fails to properly validate cookies during session management, allowing an unauthenticated attacker to manipulate DNS configurations through the '/goform/AdvSetDns' endpoint.

With a CVSS score of 9.8, this vulnerability poses a severe risk to network security, enabling attackers to conduct man-in-the-middle attacks. Users may be silently redirected to malicious websites, leading to compromised credentials and malware infections.

Immediate Action: Update the device firmware to the latest version released by Tenda.

Proactive Monitoring: Monitor network traffic for anomalous DNS resolution patterns and verify that DNS settings have not been altered.

Compensating Controls: Restrict administrative access to the router's management interface to local, trusted network segments.

Public Exploit Available: Unknown

Administrators must prioritize patching this vulnerability to prevent traffic redirection. Where patching is not possible, the device should be isolated or replaced to maintain network integrity.