CVE-2025-11301

Опубликовано: 05 окт. 2025

Источник: nvd

CVSS3: 8.8

CVSS2: 9

EPSS Низкий

Описание

A weakness has been identified in Belkin F9K1015 1.00.10. This affects an unknown function of the file /goform/formWlanSetupWPS. This manipulation of the argument webpage causes buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

Ссылки

https://github.com/panda666-888/vuls/blob/main/belkin/f9k1015/formWlanSetupWPS.md
Exploit
Third Party Advisory
https://github.com/panda666-888/vuls/blob/main/belkin/f9k1015/formWlanSetupWPS.md#poc
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.327182
Permissions Required
VDB Entry
https://vuldb.com/?id.327182
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.661305
Third Party Advisory
VDB Entry
https://github.com/panda666-888/vuls/blob/main/belkin/f9k1015/formWlanSetupWPS.md
Exploit
Third Party Advisory
https://github.com/panda666-888/vuls/blob/main/belkin/f9k1015/formWlanSetupWPS.md#poc
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:belkin:f9k1015_firmware:1.00.10:*:*:*:*:*:*:*

cpe:2.3:h:belkin:f9k1015:-:*:*:*:*:*:*:*

EPSS

Процентиль: 37%

0.00162

Низкий

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-119

Связанные уязвимости

GHSA-98gv-47jr-425g

CVSS3: 8.8

github

4 месяца назад

BDU:2025-12612

CVSS3: 8.8

fstec

5 месяцев назад

Уязвимость функции formWlanSetupWPS() файла /goform/formWlanSetupWPS микропрограммного обеспечения маршрутизаторов Belkin F9K1015, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 37%

0.00162

Низкий

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-119