CVE-2025-11292
BaseFortify
Publication date: 2025-10-05
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| belkin | f9k1015_firmware | 1.00.10 |
| belkin | f9k1015 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a command injection flaw in the Belkin F9K1015 router version 1.00.10. It exists in the /goform/formBSSetSitesurvey endpoint, specifically through the manipulation of the 'wan_ipaddr' parameter. Because the input is not properly sanitized, an attacker can inject arbitrary commands that the device will execute. This allows remote attackers to run commands on the router without needing local access. [1, 2]
How can this vulnerability impact me? :
The vulnerability can impact you by compromising the confidentiality, integrity, and availability of your affected Belkin router. An attacker can remotely execute arbitrary commands on the device, potentially taking control of it, disrupting its operation, or using it as a foothold for further attacks. Since the exploit is publicly available and no patches or mitigations exist, the risk of exploitation is high. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring network traffic for requests to the endpoint `/goform/formBSSetSitesurvey` containing the parameter `wan_ipaddr`. Suspicious or malformed inputs in this parameter may indicate exploitation attempts. You can use network capture tools like tcpdump or Wireshark to filter HTTP requests to this endpoint. For example, a command to capture such traffic might be: `tcpdump -i any -A 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep '/goform/formBSSetSitesurvey'`. Additionally, checking router logs for unusual commands or unexpected changes related to `wan_ipaddr` may help detect exploitation. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include discontinuing use of the affected Belkin F9K1015 router version 1.00.10, as no patches or vendor mitigations are available. Replace the device with a secure alternative. Restrict remote access to the router's management interface to trusted networks only, and monitor for suspicious activity. If possible, disable the vulnerable endpoint or restrict access to it via firewall rules. Since the vulnerability allows remote command injection, isolating the device from untrusted networks is critical. [2]