This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login. Read the full analysis โ
Q1What is this vulnerability? (Essence + Consequences)
๐จ **Essence**: A critical session weakness in Tenda W3002R routers. ๐ **Consequences**: Attackers can hijack DNS settings, redirecting all user traffic to malicious servers.โฆ
๐ฆ **Affected Product**: **Tenda W3002R** Wireless Router. ๐ **Context**: Specifically targets the V5.07.64_en firmware version mentioned in advisories. It is a consumer-grade device by Tenda.
๐ **Threshold**: **VERY LOW**. โก **Auth**: **None required** (Unauthenticated). ๐ฑ๏ธ **UI**: **None required** (No user interaction). ๐ **Access**: **Network** (Remote). This is a remote, zero-touch exploit.
Q6Is there a public Exp? (PoC/Wild Exploitation)
๐ฃ **Public Exploit**: **YES**. ๐ **Reference**: ExploitDB ID **44380** is available. ๐ข **Advisory**: VulnCheck has published detailed advisories. Wild exploitation is highly likely given the ease of access.
Q7How to self-check? (Features/Scanning)
๐ **Self-Check**: Scan for the **/goform/AdvSetDns** endpoint. ๐ช **Indicator**: Look for requests sending a crafted **admin language cookie**.โฆ
๐ฉน **Official Fix**: The data indicates a published date of **2026-04-29**, suggesting this is a future-dated or simulated advisory in this context.โฆ
๐ฅ **Urgency**: **CRITICAL**. ๐จ **Priority**: **P0**. With CVSS 9.8 and no authentication required, this is an immediate threat. Patch immediately or disconnect from the internet to prevent DNS hijacking.