CVE-2025-11301
BaseFortify
Publication date: 2025-10-05
Last updated on: 2026-02-24
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| belkin | f9k1015_firmware | 1.00.10 |
| belkin | f9k1015 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a critical buffer overflow in the Belkin F9K1015 router version 1.00.10, specifically in the web interface file /goform/formWlanSetupWPS. It occurs because the input data is copied to an output buffer without verifying that the input size fits, leading to a buffer overflow condition. This flaw can be exploited remotely without authentication, potentially allowing an attacker to execute arbitrary code or cause a denial of service. [1, 2]
How can this vulnerability impact me? :
The vulnerability can impact you by allowing remote attackers to compromise the confidentiality, integrity, and availability of the affected device. Exploiting this buffer overflow could lead to arbitrary code execution or denial of service, which means attackers could take control of the router or disrupt its normal operation. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can focus on monitoring requests to the vulnerable endpoint `/goform/formWlanSetupWPS` on Belkin F9K1015 routers running firmware version 1.00.10. Network intrusion detection systems (NIDS) or web server logs can be inspected for unusual or malformed HTTP requests targeting this path. Since the vulnerability involves buffer overflow via manipulation of the webpage argument, commands like `tcpdump` or `Wireshark` can be used to capture HTTP traffic to the device and filter for requests to `/goform/formWlanSetupWPS`. For example, using tcpdump: `tcpdump -i <interface> -A 'tcp port 80 and (((ip dst <router_ip>) and (tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x47455420))'` and then searching for the URI `/goform/formWlanSetupWPS`. Additionally, web server logs on the device (if accessible) can be checked for suspicious POST or GET requests to this endpoint. However, no specific detection commands or signatures are provided in the resources. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include discontinuing use of the affected Belkin F9K1015 router firmware version 1.00.10, as no patches or vendor mitigations are available. It is recommended to replace the vulnerable device with an alternative product. Network administrators should restrict remote access to the router's web interface, especially blocking access to the `/goform/formWlanSetupWPS` endpoint if possible via firewall rules. Monitoring for exploit attempts and isolating the device from untrusted networks can also reduce risk. Since the vendor did not respond or provide fixes, relying on network-level protections and device replacement is the advised course of action. [2]