CVE-2025-11298
BaseFortify
Publication date: 2025-10-05
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| belkin | f9k1015_firmware | 1.00.10 |
| belkin | f9k1015 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-11298 is a command injection vulnerability in the Belkin F9K1015 router version 1.00.10. It occurs due to improper handling of the 'm_wan_ipaddr' parameter in the '/goform/formSetWanStatic' endpoint, allowing an attacker to inject and execute arbitrary system commands remotely without authentication. This happens because the router constructs system commands using this input without properly neutralizing special characters. [1, 2]
How can this vulnerability impact me? :
This vulnerability can severely impact the confidentiality, integrity, and availability of the affected router. An attacker can remotely execute arbitrary commands, potentially taking full control of the device, disrupting network services, intercepting or modifying data, or using the device as a foothold for further attacks. Since exploitation requires no user interaction and is easy to perform, it poses a significant security risk. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can be performed by monitoring network traffic for requests to the endpoint /goform/formSetWanStatic with suspicious or malformed parameters in m_wan_ipaddr that may indicate command injection attempts. Since a proof-of-concept exploit is publicly available, one could attempt to safely test the endpoint by sending crafted HTTP POST requests targeting m_wan_ipaddr to observe if command injection is possible. Example commands using curl to test might be: curl -X POST http://<router-ip>/goform/formSetWanStatic -d 'm_wan_ipaddr=127.0.0.1;id' curl -X POST http://<router-ip>/goform/formSetWanStatic -d 'm_wan_ipaddr=127.0.0.1;uname -a' Monitoring logs for unexpected command execution or unusual system behavior may also help detect exploitation attempts. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include replacing the affected Belkin F9K1015 router version 1.00.10 with a non-vulnerable device, as no patches or vendor mitigations are currently available. Restricting remote access to the router's management interface, especially blocking access to the /goform/formSetWanStatic endpoint, can reduce exposure. Network segmentation and firewall rules to limit access to the device from untrusted networks are recommended. Monitoring for exploitation attempts and disabling remote management if possible are also advisable. [1]