CVE-2025-7082
BaseFortify

Publication date: 2025-07-06

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was found in Belkin F9K1122 1.00.33 and classified as critical. Affected by this issue is the function formBSSetSitesurvey of the file /goform/formBSSetSitesurvey of the component webs. The arguments wan_ipaddr, wan_netmask, wan_gateway and wl_ssid are passed directly from attacker-controlled input, so manipulating any of them leads to OS command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Meta Information
Published: 2025-07-06
Last Modified: 2026-04-29
Generated: 2026-05-07
AI Q&A: 2025-07-06
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
belkin f9k1122_firmware 1.00.33
belkin f9k1122 *
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-7082 is a critical OS command injection vulnerability in the Belkin F9K1122 router firmware version 1.00.33. It exists in the web interface function formBSSetSitesurvey, where parameters such as wan_ipaddr, wan_netmask, wan_gateway, and wl_ssid are taken directly from user input without proper sanitization. This allows a remote attacker to inject and execute arbitrary operating system commands on the device. [1, 2]


How can this vulnerability impact me?

This vulnerability allows remote attackers to execute arbitrary OS commands on the affected router, which can compromise the device's confidentiality, integrity, and availability. An attacker could potentially take control of the device, disrupt network operations, or use the device as a pivot point for further attacks. [2]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection can be performed by monitoring for suspicious HTTP requests targeting the /goform/formBSSetSitesurvey endpoint with parameters wan_ipaddr, wan_netmask, wan_gateway, or wl_ssid containing unusual or command injection payloads. Network intrusion detection systems (NIDS) can be configured to alert on such patterns. Specific commands are not provided in the resources. [1, 2]
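As an added illustration (not code from BaseFortify, VulDB or Belkin), the following script applies the detection idea above to constructed access-log lines: it flags requests to /goform/formBSSetSitesurvey whose wan_ipaddr, wan_netmask, wan_gateway or wl_ssid values contain shell metacharacters, or whose address fields are not dotted-quad values. It assumes the parameters are visible in the logged request line (query string, or a proxy/IDS log that records form bodies); the log lines, addresses and SSID are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint and parameters named in the advisory.
ENDPOINT = "/goform/formBSSetSitesurvey"
WATCHED = ("wan_ipaddr", "wan_netmask", "wan_gateway", "wl_ssid")
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
# Characters that let a value break out of a shell command string.
SHELL_META = re.compile(r"[;&|`$<>]")
# Common-log-format request line; assumes params appear in the logged target.
LOG_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] '
                    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})')


def check_params(params):
    """Return (name, value, reason) findings for the watched parameters."""
    findings = []
    for name in WATCHED:
        for value in params.get(name, []):
            if SHELL_META.search(value):
                findings.append((name, value, "shell metacharacter"))
            elif name != "wl_ssid" and not IPV4.match(value):
                findings.append((name, value, "not a dotted-quad address"))
    return findings


def scan_log(lines):
    """Scan access-log lines; return one alert dict per suspicious parameter."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if parts.path != ENDPOINT:
            continue
        params = parse_qs(parts.query, keep_blank_values=True)  # decodes %3B etc.
        for name, value, reason in check_params(params):
            alerts.append({"src": m.group("src"), "param": name,
                           "value": value, "reason": reason})
    return alerts


# Constructed sample lines: a benign request, one carrying a ';' in wan_ipaddr,
# and an unrelated request.
SAMPLE_LOG = [
    '203.0.113.7 - - [06/Jul/2025:10:00:01 +0000] "GET /goform/formBSSetSitesurvey'
    '?wan_ipaddr=192.0.2.10&wan_netmask=255.255.255.0&wan_gateway=192.0.2.1&wl_ssid=HomeNet HTTP/1.1" 200 512',
    '198.51.100.9 - - [06/Jul/2025:10:00:05 +0000] "GET /goform/formBSSetSitesurvey'
    '?wan_ipaddr=192.0.2.10%3Becho%20x&wan_netmask=255.255.255.0&wan_gateway=192.0.2.1&wl_ssid=HomeNet HTTP/1.1" 200 512',
    '203.0.113.7 - - [06/Jul/2025:10:00:09 +0000] "GET /index.html HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(alert)
```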


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include replacing the affected Belkin F9K1122 device, as no known countermeasures or patches are available. Additionally, restricting remote access to the device's web interface and monitoring for exploit attempts can help reduce risk. [2]

