CVE-2025-7092
BaseFortify
Publication date: 2025-07-06
Last updated on: 2025-07-09
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| belkin | f9k1122_firmware | 1.00.33 |
| belkin | f9k1122 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-7092 is a critical stack-based buffer overflow vulnerability in the Belkin F9K1122 router firmware version 1.00.33. It occurs in the formWlanSetupWPS function, specifically involving the parameters 'wps_enrolee_pin' and 'webpage'. These parameters are not properly validated for length, allowing an attacker to supply excessively long input that causes a stack overflow. This overflow can crash the router and potentially allow remote attackers to execute arbitrary code. [1, 2]
How can this vulnerability impact me? :
This vulnerability can be exploited remotely without local access, allowing attackers to crash the device or execute arbitrary code. This compromises the confidentiality, integrity, and availability of the affected router, potentially leading to unauthorized control over the device and disruption of network services. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for attempts to access the /goform/formWlanSetupWPS endpoint with unusually long or malformed parameters for wps_enrolee_pin or webpage, which may indicate exploitation attempts. Since the exploit is publicly available and targets these parameters, network intrusion detection systems (NIDS) can be configured to alert on HTTP POST requests to /goform/formWlanSetupWPS containing suspiciously long wps_enrolee_pin or webpage values. Specific commands are not provided in the resources, but using tools like tcpdump or Wireshark to capture HTTP traffic and grep or similar tools to filter for these parameters could help detect exploitation attempts. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include discontinuing use of the affected Belkin F9K1122 router version 1.00.33, as no vendor patches or countermeasures are available. It is recommended to replace the affected device with a secure alternative to avoid risk. Additionally, restricting remote access to the router's management interface and monitoring for exploitation attempts may help reduce exposure until replacement. [2]