CVE-2025-7088
BaseFortify
Publication date: 2025-07-06
Last updated on: 2025-07-09
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| belkin | f9k1122_firmware | 1.00.33 |
| belkin | f9k1122 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-7088 is a critical stack-based buffer overflow vulnerability in the Belkin F9K1122 router firmware version 1.00.33. It occurs in the formPPPoESetup function at the /goform/formPPPoESetup web endpoint, specifically involving the pppUserName parameter. The vulnerability arises because the pppUserName input is not properly validated for length, allowing an attacker to supply an excessively long value that causes a stack overflow. This overflow can crash the router's server process and allows remote attackers to execute arbitrary code on the device. [1, 2]
How can this vulnerability impact me? :
This vulnerability can have severe impacts including remote code execution on the affected Belkin F9K1122 router, which means an attacker can take control of the device remotely without local access. This compromises the confidentiality, integrity, and availability of the system, potentially allowing attackers to disrupt network services, steal sensitive information, or use the device as a foothold for further attacks. The exploit is easy to perform and publicly available, increasing the risk of exploitation. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring or testing the /goform/formPPPoESetup endpoint of the Belkin F9K1122 router for abnormal behavior or crashes when sending crafted requests with an excessively long pppUserName parameter. Since the vulnerability involves a stack-based buffer overflow triggered by the pppUserName argument, detection can involve sending test HTTP POST requests to this endpoint with varying lengths of pppUserName to observe if the router crashes or behaves unexpectedly. Specific commands could include using curl or similar tools to send such requests, for example: curl -X POST http://<router-ip>/goform/formPPPoESetup -d "pppUserName=$(python3 -c 'print("A"*1000)')". Monitoring router logs or network traffic for crashes or resets after such tests can help detect the vulnerability. However, no official detection scripts or commands are provided. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include replacing the affected Belkin F9K1122 router with an alternative device, as no patches or vendor responses are available. Since the vulnerability allows remote code execution via the /goform/formPPPoESetup endpoint and no known countermeasures exist, it is recommended to isolate the device from untrusted networks, disable remote management if possible, and monitor for suspicious activity. Avoid exposing the router's web interface to the internet. Ultimately, replacing the vulnerable device is the most effective mitigation. [2]