CVE

CVE-2018-25317

0field notes · 1digest CVSS 9.8

Daily digests

Tenda W3002R, A302, and W309R routers on firmware V5.07.64_en have the same broken session validation as CVE-2018-25318. An unauthenticated attacker can forge an admin cookie and rewrite the router's DNS settings, redirecting all user traffic to attacker-controlled DNS servers.

Daily Digest · Apr 30, 2026
ksmbd RCE (9.8) + Wazuh cluster write-to-RCE

CVE-2018-25317

ksmbd RCE (9.8) + Wazuh cluster write-to-RCE