CVE-2025-11300

CVE-2025-11300 is a buffer overflow vulnerability affecting the Belkin F9K1015 router running firmware version 1.00.10. The flaw resides in an unknown function within the /goform/formWlanMP file, triggered by manipulation of the ateFunc argument. This issue, linked to CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-120 (Buffer Copy without Checking Size of Input), carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity.

The vulnerability enables remote exploitation by an attacker who has low privileges, such as those obtained through prior authentication to the device. Successful exploitation can result in high impacts to confidentiality, integrity, and availability, potentially allowing arbitrary code execution, data compromise, or denial of service on the affected router.

References, including GitHub repositories and VulDB entries, detail a publicly available proof-of-concept exploit but provide no information on vendor patches or mitigations. The vendor was notified early but has not responded, leaving affected devices without official remediation options. Security practitioners should isolate or replace vulnerable Belkin F9K1015 routers and monitor for exploitation attempts using the disclosed POC.

A public exploit has been released, increasing the risk of real-world attacks against unpatched devices. No evidence of active in-the-wild exploitation is noted in available sources.