Cyber Posture

CVE-2025-11298

Medium · Public PoC

Published: 05 October 2025

Modified: 29 April 2026
KEV Added
Patch
CVSS Score: 6.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
EPSS Score: 0.0024 (46.8th percentile)
Risk Priority: 13 (60% EPSS · 20% KEV · 20% CVSS)

Description

Adversaries may abuse utilities that allow for command execution to bypass security restrictions that limit the use of command-line interpreters.

Security Summary

CVE-2025-11298 is a command injection vulnerability affecting the Belkin F9K1015 router on firmware version 1.00.10. The flaw resides in an unknown function of the web interface file /goform/formSetWanStatic, where manipulation of the m_wan_ipaddr argument triggers command injection. Published on 2025-10-05, it carries a CVSS 3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) and maps to CWE-74 and CWE-77.

Remote attackers with low privileges can exploit this vulnerability without user interaction. By crafting a malicious request to the affected endpoint, they can inject and execute arbitrary commands, potentially leading to limited impacts on confidentiality, integrity, and availability, such as unauthorized access to system resources or minor disruptions.

Advisories indicate the vendor was notified early but provided no response or patches. The exploit is publicly disclosed, with a proof-of-concept available at https://github.com/panda666-888/vuls/blob/main/belkin/f9k1015/formSetWanStatic.md#poc; additional details appear on VulDB at https://vuldb.com/?ctiid.327179 and related entries. Practitioners should isolate affected devices and monitor for exploitation attempts until mitigations emerge.
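One way to monitor for exploitation attempts, as an added example that is not part of the advisory or any vendor tooling: flag requests to the affected endpoint whose m_wan_ipaddr value is anything other than a bare dotted-quad IPv4 address. The log line layout, the sample lines and the other_field parameter are constructed for illustration, and the check assumes a proxy or capture that records form bodies.

```python
import ipaddress
import re
from urllib.parse import parse_qs

ENDPOINT = "/goform/formSetWanStatic"  # endpoint named in the advisory
PARAM = "m_wan_ipaddr"                 # parameter named in the advisory
DOTTED_QUAD = re.compile(r"[0-9]{1,3}(\.[0-9]{1,3}){3}")

def is_plain_ipv4(value):
    """True only when the whole value is a bare dotted-quad IPv4 address."""
    if not DOTTED_QUAD.fullmatch(value):
        return False
    try:
        ipaddress.IPv4Address(value)
        return True
    except ValueError:
        return False

def suspicious_requests(lines):
    """Return (client, bad_values) for POSTs whose m_wan_ipaddr is not an IPv4."""
    hits = []
    for line in lines:
        parts = line.rstrip("\n").split(" ", 3)
        if len(parts) != 4:
            continue  # not in the assumed "<client> <method> <target> <body>" layout
        client, method, target, body = parts
        path, _, query = target.partition("?")
        if method != "POST" or path != ENDPOINT:
            continue
        # The parameter may arrive in the query string or the form body; check both.
        values = (parse_qs(query, keep_blank_values=True).get(PARAM, [])
                  + parse_qs(body, keep_blank_values=True).get(PARAM, []))
        bad = [v for v in values if not is_plain_ipv4(v)]
        if bad:
            hits.append((client, bad))
    return hits

# Constructed sample lines (assumed layout, not real traffic).
SAMPLE = [
    "192.168.2.50 POST /goform/formSetWanStatic m_wan_ipaddr=203.0.113.7&other_field=1",
    "192.168.2.77 POST /goform/formSetWanStatic m_wan_ipaddr=203.0.113.7%3Bexample&other_field=1",
    "192.168.2.77 POST /goform/formSetWanStatic m_wan_ipaddr=203.0.113.7&m_wan_ipaddr=%60example%60",
    "192.168.2.50 GET /index.html -",
]

if __name__ == "__main__":
    for client, bad in suspicious_requests(SAMPLE):
        print(f"ALERT client={client} {PARAM}={bad!r}")
```

Because the check is an allow-list on the value's shape, it also catches duplicate-parameter and encoded variants without enumerating shell metacharacters.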

Details

CWE(s)
CWE-74, CWE-77

Affected Products

belkin
f9k1015 firmware
1.00.10

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1202 Indirect Command Execution (Stealth): Adversaries may abuse utilities that allow for command execution to bypass security restrictions that limit the use of command-line interpreters.

Why these techniques?

Remote command injection vulnerability in the Belkin F9K1015 router's web interface (/goform/formSetWanStatic) via m_wan_ipaddr enables exploitation of a public-facing application (T1190) and indirect command execution (T1202), as explicitly mapped in the VulDB advisory.
